Re: CGI and REMOTE_USER
robm@ncsa.uiuc.edu (Rob McCool)
Message-id: <9401182157.AA08158@void.ncsa.uiuc.edu>
From: robm@ncsa.uiuc.edu (Rob McCool)
Date: Tue, 18 Jan 1994 15:57:47 -0600
In-Reply-To: Markus Stumpf <stumpf@informatik.tu-muenchen.de>
"CGI and REMOTE_USER" (Jan 18, 10:34pm)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: Markus Stumpf <stumpf@informatik.tu-muenchen.de>, www-talk@www0.cern.ch
Subject: Re: CGI and REMOTE_USER
Content-Length: 1344
/*
* CGI and REMOTE_USER by Markus Stumpf (stumpf@informatik.tu-muenchen.de)
* written on Jan 18, 10:34pm.
*
* I have hacked rfc931 identification into the NCSA httpd-1.0 code.
* No big deal :) I've used the rfc931.c from tcp-wrappers package and added
* one line to httpd.c.
*
* For those unfamiliar with rfc931: this makes a connection back to
* the client host and tries to contact an indent daemon which provides
* the username of the user owning the client socket.
* We want to use this feature to gain more information on (mostly local)
* users using scripts (for sending mail to webmaster, etc.).
*
* I'd like to provide this information within the CGI scripts, but it looks
* like REMOTE_USER is the wrong variable. To be true, I think REMOTE_USER
* would be the correct one but the current name for what it is used for
* is misleading and should be changed to AUTH_USER :)
* As like I read the spec the real user on the client side and the user
* that should be authenticated mustn't necessarily be the same, right?
*/
Yes, that's right. Despite the fact that the name is misleading I would
prefer not to change the usage of REMOTE_USER since it is not backward
compatible change and we promised no more of those. What about using
REMOTE_LOGNAME or something like that for the identd-given username?
--Rob