[TriLUG] mod_auth_somethingorother

Owen Berry oberry at trilug.org
Thu Jul 14 09:58:05 EDT 2005


I would take a look at Apache::AuthCookie or Apache::AuthCookieDBI, if
you're authenticating via a database. As far as I can see/recall from a
project I worked on, you're basically telling Apache to use this instead
of the basic authentication popup. It will handle all the authentication
for you, and the cookie it creates is prepended with the username, if you
need to access it in your PHP code.

Not sure if this is what you were using, but it sounds like it would
fulfill your requirements.

Read all about it on CPAN:

http://search.cpan.org/search?query=authcookie&mode=all

BTW, you will need Apache to be modperl enabled for this.

-- Owen

On Thu, Jul 14, 2005 at 09:35:42AM -0400, Brian Henning wrote:
> Honestly, I have no idea.  All I have is a foggy memory (and lots of 
> black-box real-world examples out there) from a job that I left 3 years 
> ago, and I wasn't even particularly involved with the authentication 
> aspect of the site; it was just there and I want something like it.
> 
> So to generalize, I want something where I can continue to count on 
> Apache to serve up 403s for non-authenticated folks, but not have to 
> rely on the oh-so-tacky browser-default authentication dialog.  Is there 
> some trick I can pull in PHP to tell the browser "Here's the credentials 
> the user entered, so supply them and don't go asking the user for them"? 
>  Maybe some header() trickery?
> 
> Thanks continually,
> ~B
> 
> 
> Owen Berry wrote:
> >Are you maybe thinking of Apache::AuthCookieDBI? This is a Perl module.
> >
> >-- Owen
> >
> >On Thu, Jul 14, 2005 at 09:06:31AM -0400, Brian Henning wrote:
> >
> >>Hi List,
> >> From a previous employment, I recall an apache module (I think) 
> >>called mod_auth_pl, or mod_auth_perl, or some such.  I also remember the 
> >>website I was working on for that job having a login widget on the page 
> >>that took the place of the default browser pop-up authentication dialog, 
> >>but still managed (iirc) to interact with the apache authentication 
> >>model (i.e. I don't remember there being any fancy footwork other than 
> >>.htaccess files to control access, still used Basic auth, but used the 
> >>page's widget instead of the browser's pop-up).
> >>
> >>I really want to do that for some web pages here.  Have a default login 
> >>page, instead of having the browser pop up the auth dialog.  Am I 
> >>remembering poorly, or is that easy to do?  I still want my PHP scripts 
> >>to be able to use things like $_SERVER["REMOTE_USER"] and such.
> >>
> >>Thanks for the advice, folks!
> >>
> >>~Brian



More information about the TriLUG mailing list