Re: lynx-dev auth=username:password clarification requested

[Klaus Weide]

On Wed, 9 Jun 1999, Laszlo Girhiny wrote:

> I currently have apache configured to run on the same server as the
> user shell accounts.
> 
> I have a directory that is protected by IP ( the ip of server is
> automatically granted access ) and then by the standard username:password
> login for other IPs.
> 
> This works fine, except that I would like the log files to reflect the
> username of each access.  And I hoped that the -auth=username:password
> option would work.  However, it doesn't.

As far as I know, Lynx never sends authentication info unless asked by
the server for it.  I expect all browsers behave like this.  the -auth=...
is just stored away and used _if needed_ for the first access.

> Is there any way to accomplish this kind of tracking.  I could force
> authentication from lynx, but this would be a double login ( first to
> shell then to web site as lynx is launced at startup).  Very unpopular
> with the users.

I assume you can control the users' command line (otherwise, why would
you ask about -auth?).   The server needs to ask for authentication.
Maybe you can tweak it to do that _for local users_ without requiring a
real password, with some kind of dummy authentication method (or even a CGI
script that sends a 401 response).  If you then can make users start lynx
with -auth=<my_username>:dummy, the authentication dialog should take
place without user interaction.  (This is untested.)

    ---

You could also try to enforce use of a "From:" header and log that
somehow, see -from and corresponding lynx.cfg option, but
probably shouldn't do that if users can access any external servers.


   Klaus