httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roderick Murchison, Jr." <murch...@ca>
Subject Re: Apache server enhancement request (fwd)
Date Wed, 31 May 1995 22:11:24 GMT
Finally I have some time to answer this!

We have been working for several weeks now on just such an enhancement... 
namely, all *httpd authentication* occurs via queries to an external sybase 
database, rather than local flat files or DBM files.  We made the 
enhancements for both passwd and group authentication and it works 
surprisingly well.  The benefits, of course, are great especially if you 
want a common place for a group of www servers to authenticate.  The 
enhancements include a database for group membership and we currently 
have no limitations on how many a userid can belong to.
We plan to do some more enhancements with security in specific, but for 
now the configuration is as follows:
- modified Apache/NCSA httpd source so that authentication occurs via 
dblib, through an Eagle Raptor firewall (works without it just fine), to 
an internal Sybase database.
- a set of utilities for performing very protected probes of the 
database, passwd changes, etc. etc.  Many of these are used in 
conjunction with our www-sybase-clarify call tracking system enhancements.  
- a host of "user management" www pages which are written in perl and 
call several of the utilities to create, modify, remove users, add 
groups, delete groups, etc.

So far it has proven to be VERY fast, but although we have yet to crash 
the development site the real site (www.vivid.newbridge.com) does not run 
this modified server yet.  I hope to have it completely functional (with 
all the old users moved over into the database) on Monday so I'll let 
everybody know how it goes.  I have to finish up a few of the useradmin 
tools/pages but it's fairly straightforward.

We are still kicking around ideas on what we should do with our work... 
NCSA has approached us and seemd to be interested in our code, possibly 
for a future release, and that most likely will happen.  Whould this be a 
desired addition to Apache?  It's quite Sybase specific, but the work 
*should* be quite portable should any other database guru's be interested.

The rest of the work involves a more in-depth link between 
httpd-sybase-clarify.  If anybody is looking for a problem tracking 
package, Clarify is *expensive* but well worth the price!  One of the 
sticky points happens to be that Clarify is releasing a "www integration 
package" in a few months that is quite similar (without authentication 
features..) to what we have already done.  maybe they will give us a big 
discount if we don't release this stuff to the public domain!! ;-)

Cheers.

Roderick Murchison, Jr.                      Newbridge Networks, Inc.
-----------------------                      Network Engineering
murchiso@newbridge.com                       Herndon, VA 22070-5241
http://www.vivid.newbridge.com/~murchiso     (703) 318-5759        

On Tue, 30 May 1995, Rob Hartill wrote:

>  
> > Hello,
> > 
> > sorry to bother you directly, but all apache.org seems to be down. Allowing
> > DBM files for authentication is a step into the right direction. Would it
> > be possible to go one step further and allow the execution of an external
> > program for authentication? In paricular, I'd like to hook authentication
> > to a SQL database, but any external program (as defined in access.conf)
> > that returns the encrypted password for a given username should do. This
> > would allow to run several HTTP servers which all receive user
> > authentication data from a central repository.
> > 
> > Thanks,
> > 
> > JS
> > 
> > ============================================================
> > Joerg Senekowitsch, Ph.D.           <joerg@pharmacy.isu.edu>
> > SysAdmin                            Phone: (208) 236-2627
> > College of Pharmacy                 FAX:   (208) 236-4421
> > Idaho State University              ------------------------
> > Pocatello, Idaho 83209                  I SPEAK FOR MYSELF !
> > ==================== mens agitat molem =====================
> 

Mime
View raw message