whimsical-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From curc...@apache.org
Subject [whimsy] branch master updated: Put auth doc in one place
Date Mon, 05 Jun 2017 14:43:39 GMT
This is an automated email from the ASF dual-hosted git repository.

curcuru pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git

The following commit(s) were added to refs/heads/master by this push:
     new c9312e7  Put auth doc in one place
c9312e7 is described below

commit c9312e72f7e5318a838e56e1ffb66a8eef15710d
Author: Shane Curcuru <asf@shanecurcuru.org>
AuthorDate: Mon Jun 5 10:43:34 2017 -0400

    Put auth doc in one place
 README.md | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/README.md b/README.md
index ef73f39..5df62aa 100644
--- a/README.md
+++ b/README.md
@@ -55,21 +55,7 @@ Details for each type of deployed tool or script:
- * **Authentication for CGI Scripts** User authentication for any CGI 
-   script is provided by the http server's LDAP module, and can be 
-   done by by adding the path to the CGI in the deployment descriptor
-   for the server under the appropriate `authldap` realm:
-    https://github.com/apache/infrastructure-puppet/blob/deployment/data/nodes/whimsy-vm4.apache.org.yaml#L127
-   Note that the LDAP module does not currently handle boolean conditions
-   (example: members or officers).  The way to handle this is to do
-   authentication in two passes.  The first pass will be done by the Apache
-   http server, and verify that the user is a part of the most inclusive group
-   (typically: committers).  The CGI scripts that need to do more authorization will need
-   perform additional checks, and output a "Status: 401 Unauthorized" as the
-   first line of their output if access to this tool is not permitted for the
-   user (example script: www/officers/acreq.cgi).
+ * **Authentication for CGI Scripts** See the [DEVELOPMENT.md FAQ](./DEVELOPMENT.md#how-to-authenticateauthorize-your-scripts).
  * **Rack applications** run under
    [Phusion Passenger](https://www.phusionpassenger.com/) under Apache httpd.

To stop receiving notification emails like this one, please contact
['"commits@whimsical.apache.org" <commits@whimsical.apache.org>'].

View raw message