Am Freitag, den 05.01.2018, 16:29 +0100 schrieb Branko Čibej:
> Are you really changing the username stored in the request in your
> authentication script? That could certainly be the problem, AFAIK
> there's no guarantee that that change gets propagated back to
> (It's also a horribly wrong approach to authentication.)
Just curious - why should that be a problem.
Its a normal authentication hook provided via mod_lua since Apache HTTPD
Look here .
Even the example in the docs sets that user in the auth phase:
if auth ~= nil then
-- fake the user
r.user = 'foo'
So to me this should not make a problem and other httpd 2.4 resources do
not exhibit any problem with that documented approach to authenticate
users (you could even hard code a user like in the example done here by
the OP, should work regarding to svn).
And if it is - its a bug in mod_authz_svn imho, don't you agree?
What's so horribly wrong?
Its the auth phase module - its what the basic_auth or any other auth
module probably does, it sets r.user - the only difference here is, that
a lua script is used to be the auth handler - can you explain what's
wrong with a auth hook that it sets r.user - seems legit to be done and
the docs  do agree here - don't you think?
thanks and kind regards
Received on 2018-01-22 13:05:47 CET
- application/x-pkcs7-signature attachment: smime.p7s