[imp] shared folder acl editing
Liam Hoekenga
liamr at umich.edu
Fri Jul 18 14:46:52 UTC 2008
> Revisiting the code, I noticed that my assumption was not correct. We
> actually check if 'admin' settings exist in servers.php, because
> that's what we also do to check if the 'list' capability is
> available when using IMP authentication.

We're using Cyrus. I just kept the "admin" block from servers.php.dist.
Looks like it gets the field if I set

$servers['cyrus']['admin'] = false;

>>> Why don't you use the http authentication driver?
>>
>> Because it checks PHP_AUTH_USER instead of $_SERVER['REMOTE_USER'],
>> and our stuff doesn't set PHP_AUTH_USER. We also don't use an
>> .htaccess file for authentication, or do anything that pretends to
>> be basic auth.
>
> Ah, I thought REMOTE_USER was set by some http basic auth.

I believe that HTTP basic auth should always set REMOTE_USER. When a
browser has authenticated with basic auth, it embeds the username and
password in the http headers that get passed to the server with every
request. I'm pretty sure it's the presence of these headers that
causes PHP to set the PHP_AUTH_USER and PHP_AUTH_PW environment
variables.

Our SSO only sets REMOTE_USER. Would it be reasonable, perhaps, for
the http authentication driver to check for either PHP_AUTH_USER or
REMOTE_USER?
Liam
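
Added example, not part of the original message and not Horde's code: a PHP sketch of the "check either PHP_AUTH_USER or REMOTE_USER" idea raised in the last paragraph. The function name resolve_auth_user(), the policy of refusing when the two values disagree, and the sample environments are assumptions made for illustration.

```php
<?php
// Added example, not Horde code. resolve_auth_user() is a hypothetical helper.

/**
 * Return the username found in the server environment, or null if none.
 * $server is normally $_SERVER; it is a parameter so it can be run offline.
 */
function resolve_auth_user(array $server): ?string
{
    $pick = function (string $key) use ($server): ?string {
        if (!isset($server[$key]) || !is_string($server[$key])) {
            return null;
        }
        $value = trim($server[$key]);
        return $value === '' ? null : $value;
    };

    // REMOTE_USER is set by the web server's authentication module
    // (basic auth, or an SSO module as in this thread).
    $remote = $pick('REMOTE_USER');
    // PHP_AUTH_USER is parsed by PHP from the Authorization: Basic header;
    // it is only verified if the server or the application checked the password.
    $basic = $pick('PHP_AUTH_USER');

    // HTTP_REMOTE_USER is deliberately not consulted: HTTP_* entries are
    // built from request headers that the client controls.

    if ($remote !== null && $basic !== null && $remote !== $basic) {
        return null; // two different identities: refuse rather than guess
    }
    return $remote ?? $basic;
}

// Constructed sample environments (not captured from a real server).
$cases = [
    'SSO only'       => ['REMOTE_USER' => 'alice'],
    'basic auth'     => ['REMOTE_USER' => 'alice', 'PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'x'],
    'PHP-side basic' => ['PHP_AUTH_USER' => 'alice'],
    'client header'  => ['HTTP_REMOTE_USER' => 'admin'],
    'mismatch'       => ['REMOTE_USER' => 'alice', 'PHP_AUTH_USER' => 'admin'],
];
foreach ($cases as $label => $env) {
    printf("%-15s => %s\n", $label, var_export(resolve_auth_user($env), true));
}
```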