Finding the current user authenticated by basic auth (Apache)
Posted
by jtd
on Server Fault
See other posts from Server Fault
or by jtd
Published on 2010-06-18T13:57:04Z
Indexed on
2010/06/18
14:03 UTC
Read the original article
Hit count: 250
When you log in through a basic auth page, is the username you authenticated as stored anywhere (on the server or client machine), maybe in an environment variable?
Background: I have a common web administration page for an e-mail server and I'd like to know who is doing what. When a user successfully logs in via basic auth, I somehow want to be able to identify them and log their actions. So each time a request is submitted, I can write to a log file. The basic format would be:
$username ran a $function against $useraccount
so if a user changed someone's permissions, eg:
Admin-Bob ran a permission change against User-Scott
So if errors occur, I can easily trace back in the log file what actions lead to the cause. I tried checking the %ENV
hash to no avail, any Ideas?
I don't really want to get into PHP-like sessions, because that would mean scrapping my basic auth, which gives me a fine degree of control already. If I have to code something with sessions, I'd need to implement a system to block users after maximum tries and so on, which I don't really want to code. I think this is better geared towards serverfault because it pertains to Apache moreso than the programming language. Sessions can be done in a myriad of languages.
© Server Fault or respective owner