perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charlie Garrison <garri...@zeta.org.au>
Subject Ticket/cookie based authentication for mod_perl and static frontend
Date Tue, 26 Aug 2003 11:06:05 GMT
Good evening,

I have done a bit of research and found some possible solutions, but none of
them seem to be exactly what I want. First, the problem I need to solve...

I need to protect resources in both the static (proxy) front-end and the
mod_perl back-end. I have been using standard http authentication which works
pretty well except for not allowing a proper logout function and some caching
issues which result in occasional false FORBIDDEN responses. Since a proper
logout has become an important requirement, I am looking for other solutions.

Since I need the user credentials in the mod_perl app, I'm not happy to leave
all authentication to the front-end proxy server unless it sets the user
credentials (or some other values) before passing along the request.

I have looked at the following apache modules (for v1.3):

    Cookie Authentication   Version 1.9
    Fake Basic Authentication using Cookies
    Module homepage at ftp://ftp.kciLink.com/pub/mod_auth_cookie.c.gz
    
    Cookie Authentication with MySQL    Version 1.0
    Authentication against a MySQL database with a
    cryptographically secure cookie.
    Module homepage at http://www.qwk.net/opensource/mod_auth_cookie_mysql/
    
    mod_auth_mda    Version 2.1
    Realms for document tree and fast login for user using MD5 signed cookies.
    Module homepage at http://www.frogdot.org/mod_auth_mda/


The first one, Cookie Authentication, looks nice and simple and should do what
I want. It sets the user credentials from a cookie to be processed by another
module in the request chain. But I'd prefer to have the authentication handled
by the same module. There are some caching issues with the current auth module
which I'd like to avoid (by not using the current module any longer).

The second one, Cookie Authentication with MySQL, looks like a very good
option, except for two issues. Fist, it doesn't support the 'require group...'
directive. And second, it doesn't appear to cache mysql connections so I am
concerned about the increased load from lots of quick connections.

The third one, mod_auth_mda, is probably my favourite choice (for a variety of
reasons). But it doesn't have any sample code for creating the MD5 signed
cookies with perl, and I'm not sure I feel confident about creating the needed
functions myself. All the sample code is written in Java.

Additionally, all of the above solutions require the use of cookies. It would
be nice if I could also use a URI (eg. path info) rather than just a cookie
solution.


I feel that someone must have already solved this issue so any suggestions or
advice would be appreciated. Are there any modules which I have missed? Are
the perceived problems with the above modules really an issue, or should I be
able to use one of them without any problems.

Thanks,
Charlie

-- 
   Charlie Garrison    garrison@zeta.org.au
   PO Box 141, Windsor, NSW 2756, Australia 


-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html


Mime
View raw message