[Previous] [Next] [Index]
[Thread]
Re: Apache authentication module
We have done something like this as part of our ILU Requester. Basically,
there is an object requester inside the web server, and requests to
resources that are protected trigger a call to an externally-published
object. This implements the logic of the authentication.
Not sure, but this might be possible with the FastCGI work on Apache. With
either of these approaches, the server code wouldn't have to be hacked --
you wouldn't even be writing server API programs.
Paul Everitt Digital Creations
paul@digicool.com 540.371.6909
"."
----------
> From: scott hollatz <shollatz@d.umn.edu>
> To: www-security@ns2.rutgers.edu
> Cc: shollatz@d.umn.edu
> Subject: Apache authentication module
> Date: Thursday, July 25, 1996 10:25 AM
>
> This is not about cookies! :-)
>
> We have been considering writing an authentication module for the Apache
HTTP
> server which queries an authentication server (tacacs) on a different
host.
>
> There are two approaches: write a correct module following the Apache
API or
> hack the server code to open a pipe to a tacacs client.
>
> I am favoring the latter because the Apache API documentation isn't
clear.
> In either case, it's not clear to me (after 20 minutes of looking) where
> the Apache Basic authentication begins in the source code (I have a good
idea).
>
> Ideally, I would like to create a new authentication type: AuthType
tacacs .
>
> My question to the list is: does anyone have experience writing modules
> (in particular, authentication modules) for the Apache HTTP server?
>
> Any information is appreciated.
> --
> scott hollatz internet shollatz@d.umn.edu
> information services, systems telephone +1 218 726 8851
> university of minnesota-duluth mn usa fax +1 218 726 7674