Re: User auth with mod_perl proc

[prev] [thread] [next] [Date index for 2005/03/10]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vladimir D Belousov wrote:

| I beg your pardon if my question has got to the wrong maillist. I'm
| new in mod_perl. And english too :)

We have all been there at some time. Well, except english for some.
And except mod_perl for Stas :-)

| I want to create the scheme of authorization with mod_perl, not
| dependent on compiled Apache modules.

There exists a lot of such modules on the CPAN already
(http://www.cpan.org/) that do that. Why not try them? There are a
couple of them listed at
http://perl.apache.org/docs/1.0/guide/security.html#Apache__Auth__modules

| Me interests - how to get the login and the password entered by the
|  removed user?

Presumably you meant "remote"? Provided you actually want to go ahead
and re-implement something yourself, there are basically two methods:

~    * standard "Basic" authentication (or the more secure but less
~      supported "Digest", both described in RFC2617), which works with
~      the browser's standard login/password box;
~    * managing the authentication state machine in a custom way, using
~      cookies or URL munging for user tracking, and a custom Web user
~      interface for login and password input.

Both methods have drawbacks. All of this is described in great detail
in the "eagle book", whose chapter 6, "authentication and
authorization", is conveniently available online at
http://modperl.com:9001/.

| I have not found anything in description Apache API.

That's because you are looking in the wrong place: the Apache API will
tell you how to get Apache to do something in Perl (e.g. send a 401
response code or set a Cookie: or WWW-Authenticate: header). However,
in order to know what the effect will be on the user's browser (e.g.
pop up the password box), you have to read RFC2616 and RFC2617. Or
just use a pre-existing module from CPAN, mostly forget about all this
and be done in minutes :-)

- --
Dominique QUATRAVAUX                           Ingénieur senior
01 44 42 00 08                                 IDEALX

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCMCJ8MJAKAU3mjcsRAqdoAJ4z+lUfwedjYkTcad6T2SADTVVFDQCeJVU0
DTxN2V81VDfKujEXESlBHqY=
=M/8O
-----END PGP SIGNATURE-----