[Core-lan-org-devel] external auth

[Andy H. <ajh...@gw...>]

-----BEGIN PGP SIGNED MESSAGE-----

Just wondering, would this be hard to set up?

I'm thinking it wouldn't be.  

RT (request tracker) has it, for example, and it simply has an option:


# If $WebExternalAuth is defined, RT will defer to the environment's
# REMOTE_USER variable.

Set($WebExternalAuth , undef);

Could this be done in core as well?  The user still has to exist in the core db
of course, but you protect the core web directory with an .htaccess resembling
something like this:

AuthName        CORE
AuthType        BASIC
AuthGroupFile   /usr/local/etc/apache/.htgroup
AuthRadiusAuthoritative on
AuthRadiusCookieValid 0

        order deny,allow
        deny from all
        require group staff
        satisfy all

So the user would essentially not have a password in the core user database,
just the user information for group identity, etc.  I can see how the session
is created in the index.php, I'm just not good enough with php to fake it out.



~~ 
Andy Harrison
Great Works Internet
System Operations
ajh...@gw...
RSA 1024 pgp key: http://www.nachoz.com/andy.pub

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPoCyL1PEkLgodAWVAQHjKAP8C5ScGR8zxV5Lb5YxfmKe4pVGmUFAy8Li
uHj26uXs25bttCkl3SzOUZLPdP+kBDhpUYvfJCyx0sQLyMpshGPO5bgSGIqLFqhl
S1Bx0FAsi1gNdWFMWPBO1SXVvrYbukuDuKDrLf0UbZ9V6ZRZgY3zTGYNX8Z/oUTB
jux8dkXNXPw=
=Yn6K
-----END PGP SIGNATURE-----