Re: CGI and REMOTE_USER

Rob McCool (robm@ncsa.uiuc.edu)
Tue, 18 Jan 1994 15:57:47 -0600


/*
* CGI and REMOTE_USER by Markus Stumpf (stumpf@informatik.tu-muenchen.de)
* written on Jan 18, 10:34pm.
*
* I have hacked rfc931 identification into the NCSA httpd-1.0 code.
* No big deal :) I've used the rfc931.c from tcp-wrappers package and added
* one line to httpd.c.
*
* For those unfamiliar with rfc931: this makes a connection back to
* the client host and tries to contact an indent daemon which provides
* the username of the user owning the client socket.
* We want to use this feature to gain more information on (mostly local)
* users using scripts (for sending mail to webmaster, etc.).
*
* I'd like to provide this information within the CGI scripts, but it looks
* like REMOTE_USER is the wrong variable. To be true, I think REMOTE_USER
* would be the correct one but the current name for what it is used for
* is misleading and should be changed to AUTH_USER :)
* As like I read the spec the real user on the client side and the user
* that should be authenticated mustn't necessarily be the same, right?
*/

Yes, that's right. Despite the fact that the name is misleading I would
prefer not to change the usage of REMOTE_USER since it is not backward
compatible change and we promised no more of those. What about using
REMOTE_LOGNAME or something like that for the identd-given username?

--Rob