From: David L. <dl...@us...> - 2000-06-04 12:16:29
I am looking for a clean way to securely authenticate a cgi script to LDAP. Here are a couple of scenarios that I could use some help with:

Scenario 1:

1) User brings up an authenticated cgi in their browser
2) The web server prompts for username & passwd, authenticates the user, and runs the cgi
3) The cgi binds to the LDAP server as the authenticated user
4) User pulls data, makes changes, etc...

I don't care much what method of authentication is used (Unix, LDAP, Kerberos, etc...). It seems like Kerberos would be appropriate in this case, but does perl-ldap support Kerberos?

Scenario 2:

1) User hits the authenticated cgi
2) The web server authenticates the user and runs the cgi
3) The cgi binds to the LDAP server as a predefined user, i.e. "webadmin".
4) User pulls data, makes changes, etc... and the LDAP server thinks it's "webadmin" that's doing all the work.

The trick here is that I don't want the password for "webadmin" to be accessible to users. The way I have it now, anyone looking can bind to the LDAP server as "webadmin" after looking at the cgi source. Is there any way to set this up so that the password is not opaque?

Thanks,
-David