# HG changeset patch # User paulb # Date 1078013174 0 # Node ID 963a1e046eb8015e57333a929ac81fa5150f6346 # Parent 75c2149dbcd33efccb7cfb6bd0367470c9a24b6c [project @ 2004-02-29 00:06:14 by paulb] Adjusted the authentication/authorisation description to mention the use of authenticators. diff -r 75c2149dbcd3 -r 963a1e046eb8 docs/ModPython/NOTES.txt --- a/docs/ModPython/NOTES.txt Sun Feb 29 00:05:02 2004 +0000 +++ b/docs/ModPython/NOTES.txt Sun Feb 29 00:06:14 2004 +0000 @@ -32,13 +32,11 @@ Authentication/authorisation in mod_python: -Whilst WebStack applications are permitted to send the "WWW-Authenticate" -header to HTTP clients, Apache appears to avoid defining the current user -unless various Auth directives have been applied to such applications in the -httpd.conf file, and since Apache sends such authentication headers when such -directives have been applied in the configuration, WebStack applications seem -to have limited control over the precise circumstances of authentication -itself. +Apache imposes fairly strict controls over authentication, requiring the +addition of various declarations in the configuration in order to impose +access controls on applications, and for WebStack authenticators to be used, a +"PythonAuthenHandler" must be declared in the application's configuration +section. Consequently, it is necessary to define authentication methods in the httpd.conf file as in the following example: @@ -48,6 +46,7 @@ AddHandler python-program .py PythonHandler AuthHandler + PythonAuthenHandler AuthHandler PythonDebug On AuthType Basic AuthName "AuthResource"