5

When you log in through a basic auth page, is the username you authenticated as stored anywhere (on the server or client machine), maybe in an environment variable?

Background: I have a common web administration page for an e-mail server and I'd like to know who is doing what. When a user successfully logs in via basic auth, I somehow want to be able to identify them and log their actions. So each time a request is submitted, I can write to a log file. The basic format would be:

$username ran a $function against $useraccount

so if a user changed someone's permissions, eg:

Admin-Bob ran a permission change against User-Scott

So if errors occur, I can easily trace back in the log file what actions lead to the cause. I tried checking the %ENV hash to no avail, any Ideas?

I don't really want to get into PHP-like sessions, because that would mean scrapping my basic auth, which gives me a fine degree of control already. If I have to code something with sessions, I'd need to implement a system to block users after maximum tries and so on, which I don't really want to code. I think this is better geared towards serverfault because it pertains to Apache moreso than the programming language. Sessions can be done in a myriad of languages.

RHELAdmin
  • 360
  • 3
  • 10

3 Answers3

8

The username will be available in the environment variable REMOTE_USER.

This works for nearly every authentication method, should you ever start using digest or maybe even kerberos authentication.

Shtééf
  • 1,225
  • 2
  • 12
  • 19
3

Shtééf already mentioned $ENV{'REMOTE_USER'}, but if you're using CGI.pm, it's also returned by the remote_user() function.

my $cgi = CGI->new();
print $cgi->remote_user(); # Prints user name
Powerlord
  • 461
  • 2
  • 7
0

Its actually a server variable, not environment.

PHP_AUTH_USER and AUTH_USER should both work.

grufftech
  • 6,620
  • 4
  • 35
  • 37