[Catalyst] 5.80005: $c->req->remote_user and apache: excluding
actions from authentication
kmx
kmx at volny.cz
Wed Jun 10 05:23:51 GMT 2009
> Erm, no - $c->authenticate will _always_ succeed if you're using
> Credential::Remote, as the web server above you will have always
> authenticated you already..
In fact there are some situations where Credential::Remote's
authenticate(..) can fail:
- REMOTE_USER is not set or is empty (= no authentication was performed
on Apache level)
- REMOTE_USER did not pass allow_regexp / deny_regexp check
- and of course if your Catalyst::Authentication::Store does not know
the REMOTE_USER (this is not gonna happen if you are using
C::A::Store::Null)
You can look into source code - it is not so complicated.
--
kmx
More information about the Catalyst
mailing list