You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Anders Melchiorsen <ma...@spoon.kalibalik.dk> on 2011/01/11 10:52:16 UTC

[users@httpd] HTTP authentication using HTTP

Hi.

I want to password protect some directories by forwarding the HTTP
authentication to a different URL. That is, rather than using LDAP or MySQL
as a backend, I want to use a CGI script (possibly on a different server).

Searching high and low has not helped me -- "http authentication" mostly
turns up discussions on the htpasswd syntax.

As I was unable to find any official way, I made this test module,

   http://www.kalibalik.dk/anders/software/mod_authn_http/

but it would need some work before I can use it for real (it currently
forks a curl process to forward the request).

So, my question is: how can I do this with just standard modules?


Thanks,
Anders.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] HTTP authentication using HTTP

Posted by Anders Melchiorsen <ma...@spoon.kalibalik.dk>.

On Wed, 12 Jan 2011 00:33:42 -0500, Scott Gifford
<sg...@suspectclass.com>:

> Tue, Jan 11, 2011 at 4:52 AM, Anders Melchiorsen
<mail@spoon.kalibalik.dk:
>
>> I want to password protect some directories by forwarding the HTTP
>> authentication to a different URL. That is, rather than using LDAP or
>> MySQL as a backend, I want to use a CGI script (possibly on a different
>> server).
>>
>
> You can do this with mod_perl and one of these modules:
>
> http://search.cpan.org/~chansen/Authen-Simple-HTTP-0.2
> http://search.cpan.org/~chansen/Authen-Simple-0.4

I was not aware of these modules, thank you for bringing them to my
attention. It is nice to know that I am not alone in wanting this feature.

However, Perl might not be acceptable everywhere that I want to use this,
so it is a bit of an unfortunate dependency.


Best regards,
Anders


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] HTTP authentication using HTTP

Posted by Scott Gifford <sg...@suspectclass.com>.

On Tue, Jan 11, 2011 at 4:52 AM, Anders Melchiorsen <mail@spoon.kalibalik.dk
> wrote:

> Hi.
>
> I want to password protect some directories by forwarding the HTTP
> authentication to a different URL. That is, rather than using LDAP or MySQL
> as a backend, I want to use a CGI script (possibly on a different server).
>

You can do this with mod_perl and one of these modules:

http://search.cpan.org/~chansen/Authen-Simple-HTTP-0.2
http://search.cpan.org/~chansen/Authen-Simple-0.4

Both can be used directly in the Apache configuration file and behave like
Apache authentication handlers.

The second module requires a bit more work to set up, but can support
caching, which can be useful depending on your setting.

I have been using a module which is a slightly customized blend of the two
for several years now with great success.

Hope this helps!

----Scott.

Re: [users@httpd] HTTP authentication using HTTP

Posted by Devraj Mukherjee <de...@gmail.com>.

Hi Anders,

Depending on what the directories contains (eg. your app) I would
nearly be tempted to using OAuth or one of the open authentication
protocols.

I realise that its not the same as Basic authentication where the
authenticated session is generated by another server.

Just my two cents worth!

On Tue, Jan 11, 2011 at 8:52 PM, Anders Melchiorsen
<ma...@spoon.kalibalik.dk> wrote:
> Hi.
>
> I want to password protect some directories by forwarding the HTTP
> authentication to a different URL. That is, rather than using LDAP or MySQL
> as a backend, I want to use a CGI script (possibly on a different server).
>
> Searching high and low has not helped me -- "http authentication" mostly
> turns up discussions on the htpasswd syntax.
>
> As I was unable to find any official way, I made this test module,
>
>   http://www.kalibalik.dk/anders/software/mod_authn_http/
>
> but it would need some work before I can use it for real (it currently
> forks a curl process to forward the request).
>
> So, my question is: how can I do this with just standard modules?
>
>
> Thanks,
> Anders.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org