[2624] in WWW Security List Archive
Re: Apache authentication mo
daemon@ATHENA.MIT.EDU (Mike Yost)
Thu Aug 15 12:53:11 1996
Date: 15 Aug 1996 10:49:53 -0400
From: "Mike Yost" <mike_yost@qmail.newbridge.com>
To: shollatz@d.umn.edu, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Reply to: RE>Apache authentication module
Scott,
I have written several Apache auth modules. I wrote one a year ago
before Apache was a modular server, and have written the modular
version. Both of these are against sybase databases. It's pretty simple,
as others have stated.
You essentially need to answer three questions:
1. Is the supplied username in the database.
2. If so, is the supplied password the correct password for the username.
3. Is the username in ANY of the groups in the group list from the
.htacess file.
If your database functions can answer these questions, you can put
together a simple authentication scheme. If you want persistent
database connects, you have more complex work to do.
Let me know if you want more details.
Mike Yost
Senior Software Engineer
Newbridge Networks Corp.
(703) 708-5933
--------------------------------------
Date: 7/26/96 12:56 PM
To: Mike Yost
From: scott hollatz
This is not about cookies! :-)
We have been considering writing an authentication module for the Apache HTTP
server which queries an authentication server (tacacs) on a different host.
There are two approaches: write a correct module following the Apache API or
hack the server code to open a pipe to a tacacs client.
I am favoring the latter because the Apache API documentation isn't clear.
In either case, it's not clear to me (after 20 minutes of looking) where
the Apache Basic authentication begins in the source code (I have a good
idea).
Ideally, I would like to create a new authentication type: AuthType tacacs .
My question to the list is: does anyone have experience writing modules
(in particular, authentication modules) for the Apache HTTP server?
Any information is appreciated.
--
scott hollatz internet shollatz@d.umn.edu
information services, systems telephone +1 218 726 8851
university of minnesota-duluth mn usa fax +1 218 726 7674
