That's a bit tricky. Someone would need to look at how mod_auth_mysql works and see about adding a custom directive to do that. It wouldn't be wise to add it to mod_auth_mysql because it isn't portable, and I don't know if it is possible to link a custom perl module into mod_auth_mysql's validation chain.
Best way I could think to do it would be to use a custom PerlAccessHandler to do the ACL checking in addition to the mod_auth_mysql directives.
So, something like this *MIGHT* work:
Anyone know if you can base the UserCondition off the results from a stored procedure or function?_______________________________________________I hate basing anything in slashcode on seclev, because it's limiting. But ACL's, ah, you can do so much with them.What I was thinking was something likeAuthMySQLUserCondition CALL hasACL('statsaccess')where the function hasACL would look at the users_acl table and return 1/0.ShaneOn 3/19/06, Alessio Bragadini <email@example.com > wrote:On 17/mar/06, at 02:02, George Clark wrote:Has anyone out there looked into using Apache authentication foruserid/password validation? Or using mod_auth_mysql against the Slashdatabase? Any other approaches?Our organization has several web applications. I really need to figure out asingle signon capability.I have a system working more or less this way, using mod_auth_mysql to read the Slash database. The directory containing the site statistics (managed by webalizer) is only accessible to administrators, i.e. Slash users with a seclev >= 10000.<Location /stats>AuthName "Admin"AuthType BasicAuthGroupFile /dev/nullAuthMySQLHost localhostAuthMySQLDB databaseAuthMySQLUser userAuthMySQLPassword passAuthMySQLUserTable usersAuthMySQLNameField nicknameAuthMySQLPasswordField passwdAuthMySQLMD5Passwords OnAuthMySQLUserCondition seclev>=10000require valid-user</Location>
Slashcode-general mailing list