|
From: George C. <ga...@sp...> - 2006-03-17 01:02:21
|
Hi all,

Has anyone out there looked into using Apache authentication for userid/password validation? Or using mod_auth_mysql against the Slash database? Any other approaches?

Our organization has several web applications. I really need to figure out a single signon capability. We use TWiki and Slash along with some static protection on e-mail list archives, etc. I've written up an external script that can synchronize all the ids and passwords. But one password change through the web interface and confusion results.

Thanks,
George Clark
|
From: Alessio B. <al...@se...> - 2006-03-19 17:50:27
|
On 17/mar/06, at 02:02, George Clark wrote:

> Has anyone out there looked into using Apache authentication for
> userid/password validation? Or using mod_auth_mysql against the Slash
> database? Any other approaches?
>
> Our organization has several web applications. I really need to
> figure out a
> single signon capability.

I have a system working more or less this way, using mod_auth_mysql to read the Slash database. The directory containing the site statistics (managed by webalizer) is only accessible to administrators, i.e. Slash users with a seclev >= 10000.

<Location /stats>
AuthName "Admin"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLDB database
AuthMySQLUser user
AuthMySQLPassword pass
AuthMySQLUserTable users
AuthMySQLNameField nickname
AuthMySQLPasswordField passwd
AuthMySQLMD5Passwords On
AuthMySQLUserCondition seclev>=10000
require valid-user
</Location>

--
Alessio F. Bragadini al...@se...
|
From: Clifton W. <cli...@gm...> - 2006-03-20 14:19:39
|
Ah! Nice!

And simple, too. Thanks for that tip, Alessio.

On 3/19/06, Alessio Bragadini <al...@se...> wrote:
>
> On 17/mar/06, at 02:02, George Clark wrote:
>
> Has anyone out there looked into using Apache authentication for
> userid/password validation? Or using mod_auth_mysql against the Slash
> database? Any other approaches?
>
> Our organization has several web applications. I really need to figure
> out a
> single signon capability.
>
>
> I have a system working more or less this way, using mod_auth_mysql to
> read the Slash database. The directory containing the site statistics
> (managed by webalizer) is only accessible to administrators, i.e. Slash
> users with a seclev >= 10000.
> <Location /stats>
> AuthName "Admin"
> AuthType Basic
> AuthGroupFile /dev/null
> AuthMySQLHost localhost
> AuthMySQLDB database
> AuthMySQLUser user
> AuthMySQLPassword pass
> AuthMySQLUserTable users
> AuthMySQLNameField nickname
> AuthMySQLPasswordField passwd
> AuthMySQLMD5Passwords On
> AuthMySQLUserCondition seclev>=10000
> require valid-user
> </Location>
>
> --
> Alessio F. Bragadini al...@se...
>
>
|
From: George C. <ga...@sp...> - 2006-03-23 03:26:12
|
** Reply to message from "Clifton Wood" <cli...@gm...> on Mon, 20 Mar 2006 09:19:32 -0500

To all who replied to my request for suggestions on mod_auth_mysql and Slash integration into other authentication systems, thanks! I was away for a few days with limited net access and wasn't able to reply individually.

I appreciate the help.

George
|
From: shane <sh...@lo...> - 2006-10-07 21:38:26
|
Anyone know if you can base the UserCondition off the results from a
stored procedure or function?
I hate basing anything in slashcode on seclev, because it's limiting.
But ACL's, ah, you can do so much with them.
What I was thinking was something like
AuthMySQLUserCondition CALL hasACL('statsaccess')
where the function hasACL would look at the users_acl table and
return 1/0.
Shane
On Mar 20, 2006, at 9:19 AM, Clifton Wood wrote:
> Ah! Nice!
>
> And simple, too. Thanks for that tip, Alessio.
>
> On 3/19/06, Alessio Bragadini <al...@se... > wrote:
> On 17/mar/06, at 02:02, George Clark wrote:
>
>> Has anyone out there looked into using Apache authentication for
>> userid/password validation? Or using mod_auth_mysql against the
>> Slash
>> database? Any other approaches?
>>
>> Our organization has several web applications. I really need to
>> figure out a
>> single signon capability.
>
> I have a system working more or less this way, using mod_auth_mysql
> to read the Slash database. The directory containing the site
> statistics (managed by webalizer) is only accessible to
> administrators, i.e. Slash users with a seclev >= 10000.
>
> <Location /stats>
> AuthName "Admin"
> AuthType Basic
> AuthGroupFile /dev/null
> AuthMySQLHost localhost
> AuthMySQLDB database
> AuthMySQLUser user
> AuthMySQLPassword pass
> AuthMySQLUserTable users
> AuthMySQLNameField nickname
> AuthMySQLPasswordField passwd
> AuthMySQLMD5Passwords On
> AuthMySQLUserCondition seclev>=10000
> require valid-user
> </Location>
>
> --
> Alessio F. Bragadini al...@se...
>
>
|
|
From: Clifton W. <cli...@gm...> - 2006-10-08 00:49:43
|
That's a bit tricky. Someone would need to look at how mod_auth_mysql works
and see about adding a custom directive to do that. It wouldn't be wise to
add it to mod_auth_mysql because it isn't portable, and I don't know if it
is possible to link a custom perl module into mod_auth_mysql's validation
chain.
Best way I could think to do it would be to use a custom PerlAccessHandler
to do the ACL checking in addition to the mod_auth_mysql directives.
So, something like this *MIGHT* work:
Require Slash::ACL
<Location /stats>
AuthName "Admin"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost localhost
AuthMySQLDB database
AuthMySQLUser user
AuthMySQLPassword pass
AuthMySQLUserTable users
AuthMySQLNameField nickname
AuthMySQLPasswordField passwd
AuthMySQLMD5Passwords On
AuthMySQLUserCondition seclev>=10000
PerlAccessHandler Slash::ACLCheck::verify
PerlSetVar ReqACL statsaccess
require valid-user
</Location>
Where Slash::ACLCheck uses $ENV{REMOTE_USER} (hopefully it's even set by
this point) to do the check.
I'm sure there are problems that would need to be worked out (if
$ENV{REMOTE_USER} isn't available, how can we find out the proper username).
Other than that, I don't see any real showstoppers. Slash::ACLCheck would be
fairly easy to write, otherwise.
Would be a nice addition.
- Cliff
On 10/7/06, shane <sh...@lo...> wrote:
>
> Anyone know if you can base the UserCondition off the results from a
> stored procedure or function?
> I hate basing anything in slashcode on seclev, because it's limiting. But
> ACL's, ah, you can do so much with them.
>
> What I was thinking was something like
>
> AuthMySQLUserCondition CALL hasACL('statsaccess')
>
> where the function hasACL would look at the users_acl table and return
> 1/0.
>
> Shane
>
>
> On 3/19/06, Alessio Bragadini <al...@se... > wrote:
> >
> > On 17/mar/06, at 02:02, George Clark wrote:
> >
> > Has anyone out there looked into using Apache authentication for
> > userid/password validation? Or using mod_auth_mysql against the Slash
> > database? Any other approaches?
> >
> > Our organization has several web applications. I really need to figure
> > out a
> > single signon capability.
> >
> >
> > I have a system working more or less this way, using mod_auth_mysql to
> > read the Slash database. The directory containing the site statistics
> > (managed by webalizer) is only accessible to administrators, i.e. Slash
> > users with a seclev >= 10000.
> > <Location /stats>
> > AuthName "Admin"
> > AuthType Basic
> > AuthGroupFile /dev/null
> > AuthMySQLHost localhost
> > AuthMySQLDB database
> > AuthMySQLUser user
> > AuthMySQLPassword pass
> > AuthMySQLUserTable users
> > AuthMySQLNameField nickname
> > AuthMySQLPasswordField passwd
> > AuthMySQLMD5Passwords On
> > AuthMySQLUserCondition seclev>=10000
> > require valid-user
> > </Location>
> >
> > --
> > Alessio F. Bragadini al...@se...
> >
> >
> _______________________________________________
> Slashcode-general mailing list
> Sla...@li...
> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>
>
>
|
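An added example, not part of the thread and not code from Slash or mod_auth_mysql: a small Python/sqlite3 model of the user lookup that compares the seclev condition with an ACL condition written as an `EXISTS` subquery, which is one way to express the `users_acl` check discussed above without a stored procedure. It assumes the configured condition is appended to the WHERE clause of the user lookup; the `users_acl` columns (`uid`, `acl`), the sample users and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# The two conditions compared; both are plain WHERE-clause fragments.
SECLEV_COND = "seclev >= 10000"
ACL_COND = ("EXISTS (SELECT 1 FROM users_acl a "
            "WHERE a.uid = users.uid AND a.acl = 'statsaccess')")

def md5_hex(password):
    """Hex MD5 digest, standing in for the stored passwd value."""
    return hashlib.md5(password.encode()).hexdigest()

def build_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, nickname TEXT,
                            passwd TEXT, seclev INTEGER);
        CREATE TABLE users_acl (uid INTEGER, acl TEXT);
    """)
    rows = [(1, "admin", md5_hex("admin-pw"), 10000),
            (2, "editor", md5_hex("editor-pw"), 100),
            (3, "reader", md5_hex("reader-pw"), 1)]
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", rows)
    db.execute("INSERT INTO users_acl VALUES (2, 'statsaccess')")
    return db

def authenticate(db, nickname, password, user_condition):
    """Model of the lookup: the condition comes from server config and is
    appended to the WHERE clause; the user name is bound as a parameter."""
    sql = ("SELECT passwd FROM users WHERE nickname = ? AND (%s)"
           % user_condition)
    row = db.execute(sql, (nickname,)).fetchone()
    if row is None:  # unknown user, or the condition filtered the row out
        return False
    return hmac.compare_digest(row[0], md5_hex(password))

if __name__ == "__main__":
    db = build_db()
    for cond in (SECLEV_COND, ACL_COND):
        for name in ("admin", "editor", "reader"):
            print(cond[:6], name, authenticate(db, name, name + "-pw", cond))
```

Whether the same fragment is accepted in `AuthMySQLUserCondition` depends on the mod_auth_mysql build and on a MySQL version with subquery support; that is not tested here.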