If the web server handles the authentication, how would the CGI file get the
username? The CGI script
/usr/share/backuppc/cgi-bin/index.cgi says that $ENV{REMOTE_USER} requires
.htaccess style authentication..
On Tue, Dec 23, 2008 at 3:15 AM, Paul Mantz <pcma...@zmanda.com> wrote:
> On Fri, Dec 19, 2008 at 7:00 PM, dan <danden...@gmail.com> wrote:
> > Ideally, we should write LDAP or AD(or both) authentication into the
> > backuppc web interface. You wouldnt really have to limit access to any
> > users as the hosts file handles restricing users to hosts. You could put
> a
> > flag in the directory that a user is a backuppc user and have the
> > authentication check that. Any user that logged in that was not setup
> for
> > backups wouldnt see any hosts anyway.
> >
> > If this was PHP I could do this myself but it is not.
>
> I've thought about this and I feel that the cleanest way to implement
> this is in the webserver, outside of BackupPC's core functionality.
>
> BackupPC Community Edition deals with web access in the same way as
> the Red Hat and Fedora packagers do; in the packaging. One can edit
> the provided backuppc_community.conf file (or BackupPC.conf file) that
> is installed in the /etc/httpd/conf.d folder (for redhat-derivative
> distros, /etc/apache2/conf.d for suse, etc...) and substitute htaccess
> authentication for something that relied on mod_ldap, or something
> else instead.
>
> One thing I would like to flesh out more is the server message system,
> and decouple it from the web interface, so that the web interface can
> be run on the same computer under mod_perl without having to be the
> backuppc user. In this situation, it would make more sense to add
> more authentication than a shared secret between the web interface and
> host, but right now that's all the authentication that makes sense in
> the BackupPC code.
>
> As far as backups are concerned though; one of the items on my to-do
> list is to add functionality to add a host to the BgQueue. I haven't
> tested the 1 vs. 4 argument BackupPC_serverMesg call extensively, but
> I will do so in the morning and see about adding a patch if Holger
> doesn't beat me to it :-)
>
>
> Adios,
>
> ---
> Paul Mantz
> http://www.mcpantz.org
> BackupPC - Network Backup with De-Duplication http://www.backuppc.com
> Zmanda - Open source backup and recovery http://www.zmanda.com/
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
