Uh, is there a general wish-list for this stuff? We have our own auth module which interfaces to AOLServer very similarly to nsperm (so only handles basic) that we're trying to extend to also support session/cookie authentication in a mixed environment. One problem I've had is in the Ns_Conn headers (3.4.2) -- there is no state distinguishing whether the user name can be trusted. My current design calls for handling session/cookie work in a pre-auth filter, at which point I'm stuffing an output header with the valid user name, since there's no way to set the authUser field from TCL, and no way to tell the auth module that the reason there's no password is that the session system handled the authentication using non-Basic headers.
Also, since the C auth module interface in that version doesn't get the Ns_Conn pointer in its callback, it either has to do tricks to discover it (so it can read cookies), or live without access to other request headers (e.g., cookies). That's one reason to do the session work in a pre-auth filter instead.

I'd be happier with a solution that had separate fields; i.e., in the request struct, the parsed values from the incoming request, but in the conn struct, the decisions made by the auth modules. "authUser" should mean "authenticated user" through the whole processing pipeline (and thus be assumed empty until auth is complete); perhaps "reqUser" to mean "claimed user" (& reqPassword, similarly). AFAICT, there's no reason to have an authPassword field.

My apologies for the distraction if the wonders that built 4.x solved this already :-)

-- ReC

-----Original Message-----
From: AOLserver Discussion [mailto:[EMAIL PROTECTED] On Behalf Of Bas Scheffers
Sent: Thursday, June 30, 2005 5:20 AM
To: [email protected]
Subject: Re: [AOLSERVER] Module help

Dossy Shiobara said:
> Yeah, that whole "lets send an absolute time in the Set-Cookie header
> for expiration stamp instead of a relative time" was pretty bone-headed.

Well, apparently cookies were created by the same guy that gave us the <blink> tag, so go figure! ;-)

> I know one module that many folks wanted to see improvements made to
> is the nsperm module. I'm in favor of a better name (i.e., "nsauth")
> and

I had been thinking about an AOLserver user API, and then people can implement what they want, be it (XML) file based, SQL, LDAP, SQL + Session cached, whatever. And provide some basic implementations as well. This could be used for basic auth, but also in your own apps.

--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
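The field split proposed in the message above, sketched as an added example that is not part of the original thread and not AOLserver code. The struct layout, function names and sample credentials are assumptions made for illustration; only the names authUser, reqUser and reqPassword come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the proposed split; not AOLserver's real structs. */
typedef struct {
    const char *reqUser;       /* claimed user from Basic header (untrusted) */
    const char *reqPassword;   /* claimed password (untrusted) */
    const char *sessionCookie; /* raw session cookie value (untrusted) */
} Request;

typedef struct {
    Request req;
    char authUser[32];         /* stays "" until an auth step verifies a user */
} Conn;

/* Constructed sample stores standing in for a session table and a user db. */
static const char *session_owner(const char *cookie) {
    return (cookie && strcmp(cookie, "sid-1234") == 0) ? "alice" : NULL;
}
static int password_ok(const char *user, const char *pw) {
    return user && pw && strcmp(user, "bob") == 0 && strcmp(pw, "s3cret") == 0;
}

/* Pre-auth filter: a valid session records its decision in authUser. */
static void session_filter(Conn *c) {
    const char *owner = session_owner(c->req.sessionCookie);
    if (owner) snprintf(c->authUser, sizeof c->authUser, "%s", owner);
}

/* Basic auth step: it sees the conn, so it knows the session already decided. */
static void basic_auth(Conn *c) {
    if (c->authUser[0] != '\0') return;
    if (password_ok(c->req.reqUser, c->req.reqPassword))
        snprintf(c->authUser, sizeof c->authUser, "%s", c->req.reqUser);
}

/* Runs both steps; returns the verified user or NULL, never the claimed one. */
const char *authenticate(Conn *c) {
    c->authUser[0] = '\0';
    session_filter(c);
    basic_auth(c);
    return c->authUser[0] ? c->authUser : NULL;
}

int main(void) {
    Conn c = { { "alice", NULL, NULL }, "" };   /* claimed name, no proof */
    printf("%s\n", authenticate(&c) ? c.authUser : "(unauthenticated)");
    return 0;
}
```

Later stages read only authUser, so a request that merely claims a user name with no password and no valid session stays unauthenticated.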
