perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Authorization without Authentication?
Date Sun, 03 Aug 2014 15:02:54 GMT
Mark jensen wrote:
> I have seen this link:
> and as it said: This phase requires a successful authentication from the
> previous phase,  because a username is needed in order to decide
> whether a user is authorized to access the requested resource.
> but what if I don't want to authenticate users (BECAUSE I have already authenticate them
using freeRADIUS and IEE802.1x) , I want only to authorize them, you would ask me how can
we get the username.
> I have usernames with there IPs in mysql DB like this:
> user    IP
> Mark
> Mike
> and I have them too in the DNS:
> in its revers zone (
> $TTL 60 ; 1 minute 
> 10            PTR Mark
> 11            PTR Mike
> How can I let module_perl make use of mysql DB or DNS zone to authorize my users using
PerlAuthzHandler ?

You could create and configure a "dummy" PerlAuthHandler, which sets $r->user to whatever

value you consider as the "authenticated user-id" (such as the above IP) and returns OK.
Then in PerlAuthzHandler, you pick up $r->user and use it for your authorization.

This way, if in the future you change your mind about Radius or whatever, you only have to

change the PerlAuthHandler, and everything will continue to work smoothly.

View raw message