[3511] in WWW Security List Archive
Re: REMOTE_USER
daemon@ATHENA.MIT.EDU (Steff Watkins)
Mon Nov 11 06:43:07 1996
Date: Mon, 11 Nov 1996 05:37:32 +0000 (GMT)
From: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
To: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.3.91.961108141853.27659A-100000@pitfall.cs.odu.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 8 Nov 1996, Andrea Di Fabio wrote:
> Has anyone successfully got this ENV variable to return something ??
> If so, let me know how.
>
> I have also tried to runas the apache 1.1.1 server from inetd,
> and got the username to appear in the tcpwrappers ... but I did
> not have any luck with SSI or CGI $ENV{'REMOTE_USER'}
Hello Andrea,
I have had this problem earlier with the NCSA webserver. However I found
that, with the NCSA webserver, I could use the REMOTE_USER environment
variable if I configured my webserver with the following parametr in
httpd.conf:
IdentityCheck On
This causes the webserver to do an ident callback and to get the remote
system's idea of which user is currently calling in.
Now, I know little about the Apache configuration, but I would suggest
that you look for something similar. Without it, you will not be able to
do 'ident' checks on incoming calls from users.
Steff
: Steff Watkins, General Computer-type being
: University of Bristol, Clifton, Bristol, BS8 1TH, UK
:
: RFC-822 : Steff.Watkins@bris.ac.uk
: X-400 : /G=Steff/S=Watkins/O=Bristol/PRMD=UK.AC/ADMD= /C=GB/
: Phone: +44 177 9287869 (external) 3046 / 7869 (internal)
