You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Christian Gilmore <Ch...@tivoli.com> on 2000/06/23 00:11:06 UTC
Group authorization information in a downstream chained handler
I'm trying to create a cache for group authorization. I'm wondering if
there's any way I can alter the requires information during the initial
authorization so that the cache building code can just pick from that which
group this person matches instead of re-authorizing during cache creation.
I'd like for the actual authorization handler to not need necessarily to be
tied to a cache, so doing the entire authorization and caching in one module
is not optimal, IMO. I'm going for the following (printed below on multiple
lines just for readability):
PerlAuthzHandler
Tivoli::Apache::AuthzCache
Tivoli::Apache::AuthzLDAP
Tivoli::Apache::AuthzCache::manage_cache
If the require line contains more than one group, I don't believe that I, by
default, have any way to know, even after AuthzLDAP has completed
successfully, of which group the client user is a member.
Any ideas? I intend to release all of these cache and LDAP auth modules when
complete and put through some testing internally.
Regards,
Christian
-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
Tivoli Systems, Inc.
Re: Group authorization information in a downstream chained handler
Posted by Doug MacEachern <do...@covalent.net>.
On Thu, 22 Jun 2000, Christian Gilmore wrote:
> I'm trying to create a cache for group authorization. I'm wondering if
> there's any way I can alter the requires information during the initial
> authorization so that the cache building code can just pick from that which
> group this person matches instead of re-authorizing during cache creation.
>
> I'd like for the actual authorization handler to not need necessarily to be
> tied to a cache, so doing the entire authorization and caching in one module
> is not optimal, IMO. I'm going for the following (printed below on multiple
> lines just for readability):
>
> PerlAuthzHandler
> Tivoli::Apache::AuthzCache
> Tivoli::Apache::AuthzLDAP
> Tivoli::Apache::AuthzCache::manage_cache
>
> If the require line contains more than one group, I don't believe that I, by
> default, have any way to know, even after AuthzLDAP has completed
> successfully, of which group the client user is a member.
>
> Any ideas? I intend to release all of these cache and LDAP auth modules when
> complete and put through some testing internally.
you can override the 'requires' directive using directive handlers, you'll
just need to manage the structure yourself.
RE: Group authorization information in a downstream chained hand
Posted by jb...@team-linux.com.
Take a look at my Apache::AuthenCache. You can stack modules. Someday I will
write Apache::AuthzCache which will do just what you want to do.
On 22-Jun-2000 Christian Gilmore wrote:
> I'm trying to create a cache for group authorization. I'm wondering if
> there's any way I can alter the requires information during the initial
> authorization so that the cache building code can just pick from that which
> group this person matches instead of re-authorizing during cache creation.
>
> I'd like for the actual authorization handler to not need necessarily to be
> tied to a cache, so doing the entire authorization and caching in one module
> is not optimal, IMO. I'm going for the following (printed below on multiple
> lines just for readability):
>
> PerlAuthzHandler
> Tivoli::Apache::AuthzCache
> Tivoli::Apache::AuthzLDAP
> Tivoli::Apache::AuthzCache::manage_cache
>
> If the require line contains more than one group, I don't believe that I, by
> default, have any way to know, even after AuthzLDAP has completed
> successfully, of which group the client user is a member.
>
> Any ideas? I intend to release all of these cache and LDAP auth modules when
> complete and put through some testing internally.
>
> Regards,
> Christian
>
> -----------------
> Christian Gilmore
> Infrastructure & Tools Team Lead
> Web & Multimedia Development
> Tivoli Systems, Inc.
--
Jason Bodnar + jbodnar@team-linux.com + Team Linux
Asleep at the switch! I wasn't asleep! I was drunk!
-- Homer Simpson
Homer the Vigilante