[TriLUG] mod_auth_somethingorother

Pat Regan thehead at patshead.com
Thu Jul 14 13:13:56 EDT 2005


Craig Duncan wrote:
> Brian Henning wrote:
> 
>> Hi List,
>>   From a previous employment, I recall an apache module (I think)
>> called mod_auth_pl, or mod_auth_perl, or some such.  I also remember
>> the website I was working on for that job having a login widget on the
>> page that took the place of the default browser pop-up authentication
>> dialog, but still managed (iirc) to interact with the apache
>> authentication model (i.e. I don't remember there being any fancy
>> footwork other than .htaccess files to control access, still used
>> Basic auth, but used the .
>> page's widget instead of the browser's pop-up).
>>
>> I really want to do that for some web pages here.  Have a default
>> login page, instead of having the browser pop up the auth dialog.  Am
>> I remembering poorly, or is that easy to do?  I still want my PHP
>> scripts to be able to use things like $_SERVER["REMOTE_USER"] and such.
>>
>> Thanks for the advice, folks!
>>
>> ~Brian
> 
> Since you are using PHP, I would consider using PHP to handle the
> authentication. If you insist on using http authentication take a look
> at http://us2.php.net/manual/en/features.http-auth.php, but I think you
> will find that using sessions and you own authentication mechanism much
> more managable.
> 
> Craig

AuthCookie is useful because it move the authentication out of your
application.  You still get a session cookie but you also get to use
Apache to secure static pages with the same login session.

AuthCookie is called before your application since it integrates with
Apache's authentication mechanisms.  If your session is good it passes
you to the page.  If the session is expired, invalid, whatever, you get
redirected to a login page.  Once you log in you will be directed back
to what you were trying to do.

I do not know if there is a similar package written in PHP or not, but
since AuthCookie is completely seperate from the application there isn't
a whole lot of reason not to use it.  That is of course assuming her has
mod_perl available.

Pat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20050714/ec2ab8db/attachment.pgp>


More information about the TriLUG mailing list