[3505] in WWW Security List Archive
Re: REMOTE_USER
daemon@ATHENA.MIT.EDU (Andrei D. Caraman)
Sat Nov 9 09:07:51 1996
Date: Sat, 9 Nov 1996 13:31:13 +0200 (EET)
From: "Andrei D. Caraman" <xax@arkenstone.pub.ro>
To: Andrea Di Fabio <fabio@cs.odu.edu>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.3.91.961108141853.27659A-100000@pitfall.cs.odu.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 8 Nov 1996, Andrea Di Fabio wrote:
> Has anyone successfully got this ENV variable to return something ??
yep.
> If so, let me know how.
REMOTE_USER is not the login the tcpwrapper logs, but it's the name that a
user uses (does that sound bad?) for authentication when accessing some
protected realm on the web server.
so you have to ask for a login/passwd to get REMOTE_USER.
if on the other hand what you need is the login as reported by the
tcpwrapper, you have to examine the REMOTE_IDENT variable. note that the
httpd needs to do a rfc931 lookup, which is a bit time consuming, so
that's why this query is usually disabled.
>
> I have also tried to runas the apache 1.1.1 server from inetd,
> and got the username to appear in the tcpwrappers ... but I did
> not have any luck with SSI or CGI $ENV{'REMOTE_USER'}
>
> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
> Andrea Di Fabio E-Mail: |||||
> --------------- ------- (0 0)
> 207 Westover Ave, Apt 105 fabio@cs.odu.edu -oOO--(_)--OOo-
> Norfolk, VA 23517 http://www.cs.odu.edu/~fabio | S.C.I.A. |
> Phone & Fax:(804)-624-1537 |_____________|
> ------------------------------------------------------------------------------
> Old Dominion University Unix System Group
> System and Security Administrator
> WebMaster
> ------------------------------------------------------------------------------
> Kill a few people and they call you a murderer, kill a million and
> they call you a conqueror ... go figure !! (Cliffhanger)
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.2
>
> mQENAzELxnUAAAEIANTOWgm+JjADHU5h8vsyUAsA2mJsLrENgp2LYI/SKYGApL+O
> 2WyFG1dMtgJCaYQ14MiCEjlXJ1PPbFlYE5BgeFoDYcDeycUfCV8DC4ucFxZkz3ku
> UDQDRL0xTHjxMjCUP3ohIdGpmDlhLcRGOQNbyY7rXzEJ9sK2CU3d+BaO1Yeq/y6n
> yAEDRWF+nqEHW8T6Un+Ekag6YSH6ELYauZofzyXsXdCWdCKqwl+9ZNMXtBt/ev7w
> xeWitMjZU69UoamJMvt7Vj/7henErF2Zs2nu58Bxsq9iY/F29FUrzCbfnCGHHtHd
> AMQ1PQyNlEQLqyLyxDMJlPEnD7UmrMxDtJ4uEykABRG0IkFuZHJlYSBEaSBGYWJp
> byA8ZmFiaW9AY3Mub2R1LmVkdT4=
> =SK15
> -----END PGP PUBLIC KEY BLOCK-----
> \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
>
>
>
>
Andrei D. Caraman ROEDUNET ---- Bucharest
Webmaster, hostmaster, ftpkeeper, sysadmin & many more
xax@arkenstone.pub.ro http://www.pub.ro/~xax/
- Geek code & PGP key available by WWW -
