On Friday, 05.01.2018 at 16:29 +0100, Branko Čibej wrote:
> Are you really changing the username stored in the request in your
> authentication script? That could certainly be the problem, AFAIK
> there's no guarantee that that change gets propagated back to
> mod_authz_svn.
>
> (It's also a horribly wrong approach to authentication.)

Just curious - why should that be a problem? It's a normal authentication hook provided via mod_lua since Apache HTTPD 2.4. Look here [1]. Even the example in the docs sets that user in the auth phase:

    ..
    if auth ~= nil then
        -- fake the user
        r.user = 'foo'
    end
    ...

So to me this should not make a problem, and other httpd 2.4 resources do not exhibit any problem with that documented approach to authenticate users (you could even hard-code a user like in the example done here by the OP, should work regarding svn).

And if it is - it's a bug in mod_authz_svn imho, don't you agree?

What's so horribly wrong? It's the auth phase module - it's what the basic_auth or any other auth module probably does, it sets r.user - the only difference here is that a Lua script is used to be the auth handler - can you explain what's wrong with an auth hook that sets r.user - seems legit to be done and the docs [1] do agree here - don't you think?

thanks and kind regards
Torsten

[1] https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luahookauthchecker