Re: HTTP authentication using HTTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

----- "Devraj Mukherjee" <devraj@xxxxxxxxx> wrote:

> Hi Anders,
> 
> Depending on what the directories contains (eg. your app) I would
> nearly be tempted to using OAuth or one of the open authentication
> protocols.

+1 on that.

I've been thinking of doing this kind of thing using things like:
http://httpd.apache.org/docs/trunk/mod/mod_auth_form.html
http://httpd.apache.org/docs/trunk/mod/mod_lua.html

There's a couple of OAuth implementations available in Lua
e.g.: https://github.com/fperrad/LuaOAuth#readme

> I realise that its not the same as Basic authentication where the
> authenticated session is generated by another server.

Basic seems very inappropriate these days for many things.
Most of all the fact that it lacks a logout, that it transfers
creds in clear-text -- and at every request.

> Just my two cents worth!
> 
> On Tue, Jan 11, 2011 at 8:52 PM, Anders Melchiorsen
> <mail@xxxxxxxxxxxxxxxxxx> wrote:
> > Hi.
> >
> > I want to password protect some directories by forwarding the HTTP
> > authentication to a different URL. That is, rather than using LDAP
> or MySQL
> > as a backend, I want to use a CGI script (possibly on a different
> server).
> >
> > Searching high and low has not helped me -- "http authentication"
> mostly
> > turns up discussions on the htpasswd syntax.
> >
> > As I was unable to find any official way, I made this test module,
> >
> > Â http://www.kalibalik.dk/anders/software/mod_authn_http/
> >
> > but it would need some work before I can use it for real (it
> currently
> > forks a curl process to forward the request).
> >
> > So, my question is: how can I do this with just standard modules?

ErrorDocument 401 URI

See:
http://httpd.apache.org/docs/current/mod/core.html#errordocument

> > Thanks,
> > Anders.

i


-- 
Igor GaliÄ

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux