Provided by: thy_0.9.4-1_i386 bug


       thy-auth - the Thy Authoriser protocol




       This manual page documents version 2 of the Thy Authorisation Protocol.
       It is expected that the protocol will not change in the future, and the
       current specification is safe to use.

       The  protocol  is  really  simple: Thy sends a command, then a newline,
       then the number of arguments, another newline, then all the  arguments,
       separated by newlines. Responses look similar.

       The   standard   is   that  1  responses  indicate  positiveness  (user
       authorised, authentication needed, protocol  version  supported,  etc),
       while  0  indicates  a  negative  response.  A zero response may not be
       followed by other responses to the same command.

       Unknown commands must be answered by a single zero response.


       All commands take at least  one  argument:  the  number  of  arguments.
       Whether  this is passed down to the handler function, is implementation

              This command takes exactly one argument - the version number  of
              the  Authoriser  protocol  the  other end wants to speak. If the
              Authoriser supports the protocol, it  must  respond  with  1,  0

       QUIT   This  command  does  not  take any arguments. When received, the
              Authoriser must shut itself down.

       AUTH   This command takes five arguments: the username,  the  password,
              the  realm, a filename and an authfile. The filename is the full
              path to the requested (and protected) file,  while  authfile  is
              the  full  path to the file Thy should authorise against (.realm
              or .htaccess for example).

              The handler can use any of these  to  authorise  the  user,  and
              respond with a 1 if he may pass, with a 0 otherwise.

       CHECK  This  command  takes  only  one  argument:  the  filename of the
              so-called realm file. Then,  it  verifies  if  authorisation  is
              needed,  and when not, responds with 0. If yes, responds with 1,
              followed by the length of the realm, then the realm itself.

              Please note that when authorisation  is  not  needed,  only  one
              response should be sent, not three.


       In  the  example sessions below, T indicates lines sent by Thy, A flags

   Version mismatch
              T: VERSION
              T: 1
              T: 2

              A: 0

   A full session, with successful authorisation
              T: VERSION
              T: 1
              T: 1

              A: 1

              T: CHECK
              T: 1
              T: /var/www/admin/.realm

              A: 1
              A: 3
              A: foo

              T: AUTH
              T: 4
              T: test
              T: easy_password
              T: foo
              T: /var/www/admin/index.html

              A: 1

              T: QUIT


   Changes since Version 1
       The only change from protocol version one  is  that  the  AUTH  command
       takes a fifth argument: authfile.


       Probably many.


       Gergely Nagy <>