Hi there,

I'd like to pull a users password so I can automatically log them into a script when they enter into a .htaccess authenticated directory, in much the same way that dbMan gets authname and automatically takes a user to the home page when they enter in this way.

The reason I need to get the password is because it's for a web based mail app that's just an interface to the users POP3 address (Mailman by Endymion).

Is this possible, or will I have to feed them through a database first to get the password?

Again, much kudos to Alex for excellent scripts, I hope more are in the offing!

adam

Typically, Apache and most web servers using HTPASSWD as a method of security do not allow access to the password. The reason for this is because the server will only pass through the user name if the user has actually validated. So, if the username variable exists, that should be the way to validate other options your program might use. Basically, if you're expecting to use .htpasswd as a reliable way to store pop mail passwords, it won't work.


------------------
Fred Hirsch
Web Consultant & Programmer

Hi Fred,

Thanks for your reply. So basically you're saying I have to feed the user through a database or use a cookie to drive them directly into their mailbox. Righty-ho then, much appreciated, I'll just have to work it that way then.

Cheers,
adam

Hi Adam,

Right.. You can't get the password from Apache without editing the Apache source. You can only get the username, you'll have to look it up using some other method.

Cheers,

Alex

I am looking to provide a mechanism whereby Entrust (Public Key Infrastructure) users' can point their browser to a www server, login to a web-based mail GUI which _automatically_ logs them into their sendmail or POP3 mailbox by using certain fields in their x.509v3 certificate.

Any ideas or suggestions?