|

»

Is there an example for an authmod?

View: New views

3 Messages — Rating Filter: Alert me

	Is there an example for an authmod? by Yu Di-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Hi, I am trying to write an authmod, and implemented the auth/2 function. However, I found that (1) when yaws starts, it tries to call a get_header/0 function in this module (2) if I return {false, Realm}, yaws will try to call an out/1 function in this module. So what should I put into these two functions? And how can I force the browser to open a user name/password dialog (like when I am specifying "user=..." instead of "authmod=..." in the yaws configuration)? Is there an example authmod code somewhere that I can refer to? Thanks very much! ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Erlyaws-list mailing list Erlyaws-list@... https://lists.sourceforge.net/lists/listinfo/erlyaws-list
	Re: Is there an example for an authmod? by Claes Wikström :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Yu Di wrote: > Hi, I am trying to write an authmod, and implemented the auth/2 > function. However, I found that > > (1) when yaws starts, it tries to call a get_header/0 function in this > module > (2) if I return {false, Realm}, yaws will try to call an out/1 function > in this module. We're still missing some good auth documentation. The auth code was recently rewritten by a Fabian (at Kreditor) and he promised to do a write-up. Maybe this is the time - Fabian !! /klacke ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Erlyaws-list mailing list Erlyaws-list@... https://lists.sourceforge.net/lists/listinfo/erlyaws-list
	Re: Is there an example for an authmod? by Anders Dahlin :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Yu Di wrote: > Hi, I am trying to write an authmod, and implemented the auth/2 > function. However, I found that > > (1) when yaws starts, it tries to call a get_header/0 function in this > module > (2) if I return {false, Realm}, yaws will try to call an out/1 function > in this module. > > So what should I put into these two functions? And how can I force the > browser to open a user name/password dialog (like when I am specifying > "user=..." instead of "authmod=..." in the yaws configuration)? Is there > an example authmod code somewhere that I can refer to? > > Thanks very much! Hi, get_header/0 should return a list of auth headers. Depending on how you set things up, the auth headers may already contain enough to challenge for a password. If you are using a .yaws_auth file or have a server spec in yaws.conf with a user or pam, the auth headers will at least contain ["WWW-Authenticate: Basic realm=\"", Realm, ["\"\r\n"]]. Also depending on your setup, get_header may or may not be used (it's called when you have an authmod value in yaws.conf or when you have a .yaws_auth file with an authmod setting. If you see the warning "Failed to ...get_header(), one of the above happened. Example of a minimal authmod module not depending on that auth headers are already set. This will never authenticate since auth/2 always returns {false, Realm}: -module(authmod). -export([auth/2]). -export([out/1]). -export([get_header/0]). %% false will issue a "403", {false, X} will call out/1 in this module auth(_Arg, Auth) -> {false, Auth#auth.realm}. %% Called when auth/2 returns {false, X} out(_Arg) -> [{status, 401}, {header, "WWW-Authenticate: Basic Realm=\"XXX\""}]. %% This should return a list of extra auth headers get_header() -> []. Brgds, /Anders ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Erlyaws-list mailing list Erlyaws-list@... https://lists.sourceforge.net/lists/listinfo/erlyaws-list