[horde] Transparent authentication probably not possible

Chuck Hagenbuch chuck at horde.org
Wed Dec 18 06:15:01 PST 2002


Quoting Fathi Ben Nasr <fathi.engineer at gnet.tn>:

> Setting up the http.php script to check if the user has already been
> authenticated to the server doesn't allow him to access the horde
> framework as the httppostvars variables which are checked for the username 
> and password before the authetication script is called are empty.
> If  this variables are not checked to see if they are empty relying on
> the javascript source to ensure that a username/password pair is sent and
> calling the http.php script uncoditionnaly would probably allow 
> transparent authentication.

Then change it to check the variables that are set for you. http.php doesn't
check postvars at all; it uses $_SERVER['PHP_AUTH_USER']. I have no idea
what you mean about javascript. Perhaps since the auth is coming from
elsewhere, the password isn't available?

If it doesn't work for you, fix it. If it's a general-purpose fix, send a patch.

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
"People ask me all the time what it will be like living without otters."
 - Google, thanks to Harpers


More information about the horde mailing list