Re: lynx-dev auth=username:password clarification requested

[Laszlo Girhiny]

Thanks, I guess I have some work still lurking ahead of me.  What else is
new.

On Wed, 9 Jun 1999, Klaus Weide wrote:

> On Wed, 9 Jun 1999, Laszlo Girhiny wrote:
> 
> > I currently have apache configured to run on the same server as the
> > user shell accounts.
> > 
> > I have a directory that is protected by IP ( the ip of server is
> > automatically granted access ) and then by the standard username:password
> > login for other IPs.
> > 
> > This works fine, except that I would like the log files to reflect the
> > username of each access.  And I hoped that the -auth=username:password
> > option would work.  However, it doesn't.
> 
> As far as I know, Lynx never sends authentication info unless asked by
> the server for it.  I expect all browsers behave like this.  the -auth=...
> is just stored away and used _if needed_ for the first access.
> 
> > Is there any way to accomplish this kind of tracking.  I could force
> > authentication from lynx, but this would be a double login ( first to
> > shell then to web site as lynx is launced at startup).  Very unpopular
> > with the users.
> 
> I assume you can control the users' command line (otherwise, why would
> you ask about -auth?).   The server needs to ask for authentication.
> Maybe you can tweak it to do that _for local users_ without requiring a
> real password, with some kind of dummy authentication method (or even a CGI
> script that sends a 401 response).  If you then can make users start lynx
> with -auth=<my_username>:dummy, the authentication dialog should take
> place without user interaction.  (This is untested.)
> 
>     ---
> 
> You could also try to enforce use of a "From:" header and log that
> somehow, see -from and corresponding lynx.cfg option, but
> probably shouldn't do that if users can access any external servers.
> 
> 
>    Klaus
> 
> 
>