httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: [users@httpd] HTTP authentication using HTTP
Date Tue, 11 Jan 2011 10:20:11 GMT

----- "Devraj Mukherjee" <devraj@gmail.com> wrote:

> Hi Anders,
> 
> Depending on what the directories contains (eg. your app) I would
> nearly be tempted to using OAuth or one of the open authentication
> protocols.

+1 on that.

I've been thinking of doing this kind of thing using things like:
http://httpd.apache.org/docs/trunk/mod/mod_auth_form.html
http://httpd.apache.org/docs/trunk/mod/mod_lua.html

There's a couple of OAuth implementations available in Lua
e.g.: https://github.com/fperrad/LuaOAuth#readme

> I realise that its not the same as Basic authentication where the
> authenticated session is generated by another server.

Basic seems very inappropriate these days for many things.
Most of all the fact that it lacks a logout, that it transfers
creds in clear-text -- and at every request.

> Just my two cents worth!
> 
> On Tue, Jan 11, 2011 at 8:52 PM, Anders Melchiorsen
> <mail@spoon.kalibalik.dk> wrote:
> > Hi.
> >
> > I want to password protect some directories by forwarding the HTTP
> > authentication to a different URL. That is, rather than using LDAP
> or MySQL
> > as a backend, I want to use a CGI script (possibly on a different
> server).
> >
> > Searching high and low has not helped me -- "http authentication"
> mostly
> > turns up discussions on the htpasswd syntax.
> >
> > As I was unable to find any official way, I made this test module,
> >
> >   http://www.kalibalik.dk/anders/software/mod_authn_http/
> >
> > but it would need some work before I can use it for real (it
> currently
> > forks a curl process to forward the request).
> >
> > So, my question is: how can I do this with just standard modules?

ErrorDocument 401 URI

See:
http://httpd.apache.org/docs/current/mod/core.html#errordocument

> > Thanks,
> > Anders.

i


-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message