perl-modperl mailing list archives

From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: [a bit OT] AuthCookieDBI and Apache 2.4
Date Thu, 21 Feb 2019 09:41:14 GMT
On 21.02.2019 00:01, Paul B. Henson wrote:
> On Wed, Feb 20, 2019 at 05:56:48PM -0500, Edward J. Sabol wrote:
>
>> Any pointers to a working AuthzProvider written in Perl (like for the
>> "species" one) in your examples? It's not perfectly clear to me how to
>> go about that.
>
> I wrote one for CAS auth a while back:
>
> https://github.com/pbhenson/Apache2-AuthCASpbh/blob/master/lib/Apache2/AuthCASpbh/Authz.pm
>

Nice example.

What I found a bit "jarring" when I ported my own auth/authz modules (*) to Apache 2.4, is
this: with Apache 2.4,

1) the "authz" function is now called *first* (before any authentication module has been 
called - even non-perl add-on ones),
and
2) it *can* be called 2 or more times during the same request cycle
and
3) the "authz" function, in Apache 2.4, is much more "at the mercy" of whatever
Authentication module is being called, and what it does precisely (e.g. /if/ and /when/ it
sets $r->user)
and
4) the precise formulation (and imbrication) of the <Require> sections and directives is
very important
and
5) there seems to be no real mod_perl-level (or even Apache-httpd-level) documentation 
available, which explains the above in a general context, rather than for any specific 
perl module.
A good explanation is provided by Michael Schout in
https://metacpan.org/pod/distribution/Apache-AuthCookie/README.apache-2.4.pod, and this
should be "required reading" for anyone playing with AAA under Apache 2.4; but it is still
somewhat oriented to the specific (and otherwise excellent, I never tire of repeating
that) Apache2::AuthCookie module.
It would be good to integrate some version of this directly in the on-line mod_perl 
documentation, but it is a bit obscure how to go about that.

(*) sorry, not really in a shape or style where I would be willing to share them 
universally; but on a one-to-one base, I would not mind if anyone is interested.
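
Added example, not part of the original message and not code from either poster's modules: a minimal mod_perl authz provider for a "species" requirement that copes with points 1) to 3) above, i.e. being called before authentication, with no `$r->user`, and more than once per request. The package name `My::SpeciesAuthz`, the user table and the configuration in the comments are assumptions made for illustration.

```perl
package My::SpeciesAuthz;    # hypothetical module name

# httpd.conf sketch (Apache 2.4, mod_perl >= 2.0.9), constructed for this example:
#   PerlAddAuthzProvider species My::SpeciesAuthz::authz
#   <Location /zoo>
#     AuthType Basic
#     AuthName "zoo"
#     AuthUserFile /path/to/htpasswd      # placeholder path
#     Require species gorilla
#   </Location>

use strict;
use warnings;
use Apache2::RequestRec ();
use Apache2::Log ();
use Apache2::Const -compile => qw(AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER);

# Constructed sample data: authenticated user name => species.
my %SPECIES = (koko => 'gorilla', flipper => 'dolphin');

sub authz {
    my ($r, $requires) = @_;    # $requires is the text after "Require species"

    # First pass: httpd calls authz providers before any authentication
    # module has run, so $r->user is still undefined. Returning
    # AUTHZ_DENIED_NO_USER asks httpd to authenticate and call us again,
    # instead of deciding on an anonymous request.
    my $user = $r->user;
    unless (defined $user && length $user) {
        $r->log->debug('species authz: no user yet, requesting authentication');
        return Apache2::Const::AUTHZ_DENIED_NO_USER;
    }

    # Later pass(es): the handler can run several times in one request,
    # so it keeps no per-call state and depends only on $r->user.
    my %wanted  = map { $_ => 1 } split ' ', ($requires // '');
    my $species = $SPECIES{$user};

    # Fail closed: unknown users and non-matching species are denied.
    return (defined $species && $wanted{$species})
        ? Apache2::Const::AUTHZ_GRANTED
        : Apache2::Const::AUTHZ_DENIED;
}

1;
```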