[nycphp-talk] Firefox and authentication
mmwaldman at nyc.rr.com
Fri Jan 30 21:30:24 EST 2009
I'm trying to switch from basic authentication to digest. I'm working in
Firefox, which is why.
I'm using mod_auth_mysql for most of the account.
<Files login.php> Logged in as Basic
AuthName "The space"
require group agroup
<Files logout.php> Want to call a script protected by digest
AuthName "The Space"
Require user nonexistent
To log off, I'm using:
olxmlHttp.open("GET","logout.php",false, "logoff", "logoff");
olxmlHttp.abort(); //* commented out right now
In the .htaccess file I have:
In the domain error log I get:
Digest: client used wrong authentication scheme `Basic':
/path/force_logout.php, referer: https://domain/path/
Then a popup window opens.
When I type the wrong user/password, in the error log I get:
Digest: user `b' in realm `The Space' not found: /path/logout.php, referer:
Does anyone know how to switch between authentication type from a script?
I'm was thinking setRequestHeader would work.
In phpinfo() on a script in the same directory, I have:
HTTP Request GET /path/file HTTP/1.1
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52)
Authorization Digest username="user", realm="My Site", nonce="value",
uri="script", algorithm=MD5, response="value", qop=auth, nc=00000001,
What I'm not sure is what the server is looking at. The authorization value
in the client header? Is that dictating what should happen. Httpd is
complaining wrong Authentication Scheme, which makes me think server side
Authenticate header, which is what I was trying for a while until I realized
I was on the client.
Can I change the headers and it will work? Is this the right thing to do?
I dabbled a little with setting different Authorization header values.
But, I need a break and could use some advice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk