Rob McCool (
Tue, 18 Jan 1994 15:57:47 -0600

* CGI and REMOTE_USER by Markus Stumpf (
* written on Jan 18, 10:34pm.
* I have hacked rfc931 identification into the NCSA httpd-1.0 code.
* No big deal :) I've used the rfc931.c from tcp-wrappers package and added
* one line to httpd.c.
* For those unfamiliar with rfc931: this makes a connection back to
* the client host and tries to contact an indent daemon which provides
* the username of the user owning the client socket.
* We want to use this feature to gain more information on (mostly local)
* users using scripts (for sending mail to webmaster, etc.).
* I'd like to provide this information within the CGI scripts, but it looks
* like REMOTE_USER is the wrong variable. To be true, I think REMOTE_USER
* would be the correct one but the current name for what it is used for
* is misleading and should be changed to AUTH_USER :)
* As like I read the spec the real user on the client side and the user
* that should be authenticated mustn't necessarily be the same, right?

Yes, that's right. Despite the fact that the name is misleading I would
prefer not to change the usage of REMOTE_USER since it is not backward
compatible change and we promised no more of those. What about using
REMOTE_LOGNAME or something like that for the identd-given username?