Re: CGI and REMOTE_USER

robm@ncsa.uiuc.edu (Rob McCool)
Message-id: <9401182157.AA08158@void.ncsa.uiuc.edu>
From: robm@ncsa.uiuc.edu (Rob McCool)
Date: Tue, 18 Jan 1994 15:57:47 -0600
In-Reply-To: Markus Stumpf <stumpf@informatik.tu-muenchen.de>
       "CGI and REMOTE_USER" (Jan 18, 10:34pm)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: Markus Stumpf <stumpf@informatik.tu-muenchen.de>, www-talk@www0.cern.ch
Subject: Re: CGI and REMOTE_USER
Content-Length: 1344
/*
 * CGI and REMOTE_USER  by Markus Stumpf (stumpf@informatik.tu-muenchen.de)
 *    written on Jan 18, 10:34pm.
 *
 * I have hacked rfc931 identification into the NCSA httpd-1.0 code.
 * No big deal :) I've used the rfc931.c from tcp-wrappers package and added
 * one line to httpd.c.
 * 
 * For those unfamiliar with rfc931: this makes a connection back to
 * the client host and tries to contact an indent daemon which provides
 * the username of the user owning the client socket.
 * We want to use this feature to gain more information on (mostly local)
 * users using scripts (for sending mail to webmaster, etc.).
 * 
 * I'd like to provide this information within the CGI scripts, but it looks
 * like REMOTE_USER is the wrong variable. To be true, I think REMOTE_USER
 * would be the correct one but the current name for what it is used for
 * is misleading and should be changed to AUTH_USER  :)
 * As like I read the spec the real user on the client side and the user
 * that should be authenticated mustn't necessarily be the same, right?
 */

Yes, that's right. Despite the fact that the name is misleading I would
prefer not to change the usage of REMOTE_USER since it is not backward
compatible change and we promised no more of those. What about using
REMOTE_LOGNAME or something like that for the identd-given username?

--Rob