DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 6.14 Obtaining the Password Used to Authenticate

Problem

You want to get the password that the user authenticated with.

Solution

Standard Apache modules do not make this value available. It is, however, available from the Apache API if you wish to write your own authentication methods.

In the Apache 1.3 API, you need to investigate the ap_get_basic_auth_pw function. In the 2.0 API, look at the get_basic_auth function.

If you write an authentication handler with mod_perl, you can retrieve the username and password with the get_username function:

 my ($username, $password) = get_username($r);

Discussion

For security reasons, although the username is available as an environment variable, the password used to authenticate is not available in any simple manner. The rationale behind this is that it would be a simple matter for unscrupulous individuals to capture passwords so that they could then use them for their own purposes. Thus the decision was made to make passwords near to impossible to attain.

The only way to change this is to rebuild the server from the sources with a particular (strongly discouraged) compilation flag. Alternately, if you write your own authentication module, you would of course have access to this value, as you would need to verify it in your code.

See Also

    [ Team LiB ] Previous Section Next Section