Thanks for the reply! Since I just joined I was a bit unsure. You
may by correct, I might have better luck on a more Apache-oriented list.
Your comments are however useful and appreciated.
What I was thinking of on the authz side was to set all passwords
the same or with no password at all. I can get the CAS
authenticated username and then use that to build my query for authz?
Main reason I posted here was to see if anyone else had done this
themselves? And if so, perhaps gather some info about their
experience...
Marc
On 8/24/2010 12:15 PM, Scott Battaglia wrote:
Its an appropriate list, but we only have a few Apache module experts.
I'm not one of them. :-) So you may do better on a more Apache-oriented
forum for general questions on how how to chain modules together.
That said, in general you can chain authentication modules, though I
don't know if they can chain well enough such that one provides authn
and one provides authz. You'd have to see how they work (i.e. what
happens if mod_auth_mysql doesn't get a password? If one authn module
succeeds do the other ones get tried?
CAS can send back attributes via SAML1.1. Can that be used in
conjunction with your authorization needs?
On Tue, Aug 24, 2010 at 2:09 PM, Marc Thompson <[email protected]
<mailto:[email protected]>> wrote:
My apologies if I've posted this query to the wrong list? If so,
can you point out a better forum for this type of question?
On 8/23/2010 2:47 PM, Marc Thompson wrote:
We have been using basic authentication for years to password
protect directories on an Apache server. Now our university has
implemented and deployed CAS and it has been working great.
We have also integrated mod_auth_cas on Apache and that works pretty
good also.
Next we would like to be able to store user authorization info like
username and group assignment in a MySQL database, so that we can
assign users and groups to certain Apache served directories.
Has anyone done this? Allow certain Apache served directories to be
password protected via CAS authentication and MySQL authorization?
I was thinking that perhaps a combination of Apache modules in a
certain order might work? For instance, mod_auth_cas followed by
mod_auth_mysql? That way if a directory is encountered that
contains a .htaccess file requiring an authenticated user, they
would be redirected to CAS. Once authenticated their username could
then be used by mod_auth_mysql to check for a match and then group
info derived from that successful match?
Any pointers or suggestions would be greatly appreciated...
Marc
--
-------------------------------------------
Marc Thompson
Software Engineer
Media Solutions
University Information Technology
University of Utah
801.585.9264
[email protected] <mailto:[email protected]>
-------------------------------------------
--
You are currently subscribed to [email protected]
<mailto:[email protected]> as: [email protected]
<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
-------------------------------------------
Marc Thompson
Software Engineer
Media Solutions
University Information Technology
University of Utah
801.585.9264
[email protected]
-------------------------------------------
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
