Wednesday, May 11. 2005
What I'm currently working on...
Well, whether you have or haven't been keeping up with my personal blog, I have been quite busy the past 2-3 weeks moving about 200 miles south. I'm still not settled in and my main development machine, though running, isn't exactly in an ergonomically usable state (i.e. it's sitting on the floor 
).
Anyhow, Ian Bicking's blog entry about single signon tuned me onto mod_auth_tkt. I haven't actually tried mod_auth_tkt yet, but by all descriptions and accounts, it seems like something I'd like to use. (In fact, before my moving got serious, I was working on a single signon service for flup.org - but still hadn't quite worked out the mechanics.)
The only big problem with mod_auth_tkt is this note from the web page/readme:
) I began porting mod_auth_tkt to Apache 2 last night.
Porting to Apache 2 is actually quite easy and mechanical, almost requiring no thought. I didn't bother using the ap*_compat.h headers though and opted to rename the types/functions to use the Apache 2 equivalent. (Maybe not a smart move, in hindsight, with regards to maintenence... doh!)
Anyway, it's compiling without warnings... but I've yet to actually try it. For some reason, I think I need to set aside a whole day to debug it... and I will probably do that sometime soon. These past few days, I've been too concerned with getting my DSL working...
).Anyhow, Ian Bicking's blog entry about single signon tuned me onto mod_auth_tkt. I haven't actually tried mod_auth_tkt yet, but by all descriptions and accounts, it seems like something I'd like to use. (In fact, before my moving got serious, I was working on a single signon service for flup.org - but still hadn't quite worked out the mechanics.)
The only big problem with mod_auth_tkt is this note from the web page/readme:
NOTE: mod_auth_tkt does NOT work with Apache version 2, only with Apache 1.3.x.Which is unfortunate, since I use Apache 2 for deployment. But really, I'm not going to let that stop me. (It didn't stop me in the case where the Apple-supplied mod_WebObjects only supported Apache 1.3 either.
) I began porting mod_auth_tkt to Apache 2 last night.Porting to Apache 2 is actually quite easy and mechanical, almost requiring no thought. I didn't bother using the ap*_compat.h headers though and opted to rename the types/functions to use the Apache 2 equivalent. (Maybe not a smart move, in hindsight, with regards to maintenence... doh!)
Anyway, it's compiling without warnings... but I've yet to actually try it. For some reason, I think I need to set aside a whole day to debug it... and I will probably do that sometime soon. These past few days, I've been too concerned with getting my DSL working...
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I am also interested in a mod_auth_tkt version for Apache 2.
I didn't already try it but mod_auth_tkt seems to be THE solution I am looking for performant, secure and cheap authentication. With this solution, the authentication phase (password control) is independent of the access phase (ticket control).
So you can use a normal php page to check the password, you can use your own password encryption for transmission on the net (better than basic authentication!!!) and you can put the passwords and users in a mySql database (better than .htpasswd files).
No need for expensive SSL and certificate.
You must just create the ticket cookie in your "password check" page.
Thanks,
R.de Crombrugghe,
webmaster
I didn't already try it but mod_auth_tkt seems to be THE solution I am looking for performant, secure and cheap authentication. With this solution, the authentication phase (password control) is independent of the access phase (ticket control).
So you can use a normal php page to check the password, you can use your own password encryption for transmission on the net (better than basic authentication!!!) and you can put the passwords and users in a mySql database (better than .htpasswd files).
No need for expensive SSL and certificate.
You must just create the ticket cookie in your "password check" page.
Thanks,
R.de Crombrugghe,
webmaster
One big problem with mod_auth_tkt is that it doesn't allow the use of "servername" in the config file.
So, it cannot be used for hosting !!
I anybody can solve that, it will be a big help.
So, it cannot be used for hosting !!
I anybody can solve that, it will be a big help.
It would be interesting to register the module in :
http://modules.apache.org/register
http://modules.apache.org/register
I haven't tested it yet (and I really haven't had time to). There's also a minor issue of the original mod_auth_tkt requiring test_char.h, which doesn't seem to be installed as part of a normal Apache 2.0 installation. (I even have doubts that it gets built normally.)
My FreeBSD dev box is back up, so hopefully that testing & debugging happens soon.
My FreeBSD dev box is back up, so hopefully that testing & debugging happens soon.
I was about to begin testing & debugging when I decided to visit the official mod_auth_tkt page to check for updates. Apparently, the new version 2.0.0b3 supports Apache 2.
Needless to say, I'm quite glad and now I can just skip directly to playing with mod_auth_tkt rather than trying to port it to Apache 2.
Needless to say, I'm quite glad and now I can just skip directly to playing with mod_auth_tkt rather than trying to port it to Apache 2.
After test, it appears that mod_auth_tkt (version 1.3...) also works with virtual hosting (servername in the httpd.conf file).
I am busy to modify it and move the secret key to the .htaccess files. It will be better for site hosting providers.
I am busy to modify it and move the secret key to the .htaccess files. It will be better for site hosting providers.
Calendar
|
February '12 | |||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
Quicksearch
Categories
Syndicate This Blog
Blog Administration
Powered by
