SPUG: Re: mod_perl auth questions

Richard Anderson Richard.Anderson at raycosoft.com
Sat Jul 14 15:50:37 CDT 2001


I did this recently, and build a fairly sophisticated system using a
modified version of Apache::AuthCookie.  The only hard part was getting the
Apache config file right.  This method had the advantage of giving me
complete control over the authentication and authorization process.  My
experience with the code in the Eagle book is that it is buggy and several
different groups have had problems trying to implement it.

Good luck!
Richard

----- Original Message -----
From: "El JoPe Magnifico" <jope-spug at jope.net>
To: "Seattle Perl Users Group" <spug-list at pm.org>
Sent: Saturday, July 14, 2001 1:02 PM
Subject: SPUG: mod_perl auth questions


> I'm writing a mod_perl authentication handler, and have run across a
> couple annoyances that don't seem to be covered in the eagle book or
> any of the POD that I've read so far.
>
> 1. While processing most requests, handler() is being called three times.
>    The only exception has been when handler() returns early because no
>    username was provided.  My only thought is that this is the result
>    of sub-requests being fired off somewhere under the hood.
>
> 2. I can set the user, but can't find any way to set the group(s) to which
>    the user belongs, which apparently is needed if "require valid-user"
>    is used, which in turn is necessary in order to use an authentication
>    handler.  I've found two workarounds, but neither is perfect:
>
>    a. Add "AuthGroupFile /dev/null" to the configuration.
>       This adds an unwanted dependence on mod_auth though.
>
>    b. Use a no-op, i.e. $req->push_handlers(PerlAuthzHandler,\&OK).
>       This prevents me from falling through to the default authorization
>       routine in the Apache core.  Right now this isn't a problem, so
>       this is what I'm using.  But it just doesn't seem "correct".
>
> Feedback appreciated!
>   -jp
>
>
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>      POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
>       Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
>   Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
>  For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
>   Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
>
>
>



 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/





More information about the spug-list mailing list