I am trying to use a Perl script to check authentication of users. I am looking at providing direct linking to the reports from an internal 'maintenance' screen (user is already authenticated via internal methods).

According to the session.conf file, success is 0 and failure is 1. According to the PDF documentation (page 186), 0 is success and failure is -1.

I have the following settings:
Remote Report Access on
Remote Administration on
Direct Report Linking on

The authentication routine is set to:
AUTHENTICATION: ../bin/keywebauth.pl

and here is keywebauth.pl:
#!/usr/bin/perl
local ($account,$pw) =@_;
exit 1 if ($account eq "" || $pw eq "");
$good=1;

$pw1=`grep $account: /path/to/password/file`;
$pw1=~ s/n//;
$good=1;
($acct,$password)=split(/:/, $pw1);
$salt = substr $password, 0 , 2;
$good = 0 if (crypt($pw,$salt) eq $password);
exit $good;


With this code, the admin account no longer has access (I assume because it now needs to be set up in the internal authentication password file), but also the account I test with (that IS in the file), gets the log-in screen saying to "Log-in Again".

If initially we have to have the clients log into the Urchin site (using the passwords from our local file), that is fine. But what we would like to do is to have direct linking to the reports where the authenticated client can only see their reports (and not be able to get a profile/userid from another client and view their reports).

The documentation is a little confusing about how to implement this correctly.

Also when I have direct report linking turned on, there is no way to lock out unauthorized users from viewing all client's reports.