[UFO Chicago] Apache case-insensitive username matching with .htaccess directives?

Tue Apr 14 10:11:44 PDT 2009

I am not sure if Apache has the built in functionality you seek, but
can't you just use some scripting to achieve your goal? Are you using
anything more than Apache on your web server such as perl, php, asp,
jsp, etc? If so, I believe all of those languages have string
functions / methods tolower() or tocaps() or some variation of such
functions.

You can make a simple log in page and format the user data however you
please. If you are only using Apache and don't want a dynamic web page
generator, javascript should be able to do the work too.

Eric

On 4/14/09, Jay F Shachter <jay at m5.chicago.il.us> wrote:
> As the title of this electronic mail message
> implies, this is an Apache question more than a
> operating-system question, but I believe that most
> Apache administrators are also users of free
> operating systems, so my use of ufo at ufo.chicago.il.us
> for this question is not, I hope, inapt.
>
> I wish to restrict access to a certain directory on
> a webserver, such that only users who supply a valid
> username and password can see the documents stored
> in that directory.  Encryption of the username and
> password is not required, nor is encryption of the
> protected content.
>
> This is a very modest requirement, and it can be very
> easily met.  I create an .htaccess file in the
> directory, containing the following:
>
>   AuthName [a name appears here]
>   AuthType Basic
>   AuthUserFile [the name of an .htpasswd file]
>   <Limit GET POST>
>   require valid-user
>   </Limit>
>
> So far, this is all very elementary.  But I have one
> more requirement.  I want username authentication to
> occur in a case-insensitive manner.  Thus, if "jay"
> is an authorized user, when jay's browser pops up
> a window asking for name and password, I want jay to
> be able to type "jay", or "Jay", or "JAY", or even
> "JaY", and I want all of them to map to the line in
> the .htpasswd file beginning with "jay:".
>
> The password, in contrast, should be case-sensitive.
>
> I can find no way of doing this, short of changing
> code in mod_ntlm.c and recompiling apache, but that
> would be a sledgehammer solution to a problem
> requiring a paperclip.  This is perhaps an imperfect
> metaphor, but you get my point.  The idea is not to
> make all of apache's username authentication case-
> insensitive -- just to do so for one particular
> directory.
>
> It stands to reason that there should be something
> that one can put into the .htaccess file to request
> this functionality, but I have looked for such a
> thing, and have not found it.  The only solution I
> have come up with is completely impractical: to have
> separate lines in the .htpasswd file for each
> variation of a username, all containing the same
> encrypted password to the right of the colon.
> But this is, of course, utterly bogus. It would
> require, e.g., 1024 different lines for a 10-letter
> username.
>
> I retain hope that there is some poorly-documented,
> or, perhaps, undocumented, feature that provides the
> functionality I seek, because I do not think the
> request is unreasonable, and I cannot possibly be
> the first person who has sought this functionality.
> Any replies will be most appreciated, and I thank you
> in advance for them all.
>
>
> 			Jay F. Shachter
> 			6424 N Whipple St
> 			Chicago IL  60645-4111
> 				(1-773)7613784
> 				jay at m5.chicago.il.us
> 				http://m5.chicago.il.us
>
> 			"Quidquid latine dictum sit, altum videtur"
> _______________________________________________
> UFO Chicago -- Users of Free Operating Systems
> Free Software Rules -- Proprietary Drools!
> http://ufo.chicago.il.us/cgi-bin/mailman/listinfo/ufo
>

-- 
Eric Ellington
e.ellington at gmail.com