[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV What's "realm"

From: Foteos Macrides
Subject: Re: LYNX-DEV What's "realm"
Date: Wed, 14 May 1997 18:52:48 -0500 (EST)

"Brian Tillman, x8425" <address@hidden> wrote:
>I've search the Web (using Lynx, of course) and I can't seem to find what the
>concept of "realm" actually means.  I did find some handwaving in the Purveyor
>documentation, and a theoretical discussion of some aspects of it in a
>"Session Identification URI" document, but no explanation of what it really
>does, how to control it and how to set it up in a proxy server.
>The reason I ask is that the person who takes care of the proxy server is not
>familiar enough yet to know what it's for and our proxy server is inserting a
>prompt asking for the authentication in the region of the Lynx status line
>devoted to displaying the realm.  I'd like to be able to tell the person how
>to adjust the server to do the prompting correctly.

        Details or how to set it up are server-specific, and I don't have
the Purveyor documentation, so I can't answer your actual question.

        However, I can explain what a realm is, and that's important to
understand because we're using it homolog via a -realm switch in Lynx
for security issues.

        For a server, the realm is a string which is mapped to a
wildcarded, *symbolic*, URL path.  For example, the realm string
might be "Contracts", and that might be mapped to "/safe/*".  If the
browser requests, for example, "/safe/annual_contracts/tillman.html",
then that matches the wildcarded path ("/safe/*"), and the server will
return a rejection status, together with an authentication header
indicating both the username/password encoding scheme (usually "Basic",
meaning BASE64 encoded) and the realm.  Lynx will then prompt you for
your username and password associated with realm "Contracts" on that
host, and then resubmit the request with the encoded username and
password included in its request headers.  It also will infer a
mapping of the realm to "/safe/annual_contracts/*", and thereafter
send the encoded username and password on its own whenever a path
in requests to that host matches.  If, at some point during the
session, you reqested "/safe/lifetime_contracts/tillman.html", Lynx
would not send the header, but if the server returned a rejection
status plus header indicating realm "Contracts", Lynx would "think"
to itself, "Aha!  I already know the encoded username and password
for that realm on that server.", update it's mapping from
"/safe/annual_contracts/*" to "/safe/*" (encompassing both the
"annual_contracts" and "lifetime_contracts" limbs of the "safe"
symbolic hierarchy, and resubmit the request appropriately, without
asking you again for the username and password.

        Your server appears to be returning "Enter Username and/or
Password" as a realm string, possibly due to some typo in intended
comments associated with the server's configuration file(s).

        Lynx uses -realm as a command line switch more simply, but
homologously.  For example, if a site sets up:

        lynx -anonymous -realm http://our_host/public/index.html

for invoking Lynx, then the anonymous users are treated as
"authorized" to access only http URLs on "our_host" with
paths encompassed by "/public/*".


 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]