I wrote a separate, though dependent on mod_auth_cas, apache module that is loosely based on mod_authz_groupfile.
I've got a meeting next week with our legal department to see if I can release it to Jasig. The main difference between mine and yours seems to be use of a config file with attribute:value pairs instead of a Require directive. Cool Thanks, Eric On Tue, Jul 19, 2011 at 9:49 AM, <[email protected]> wrote: > Hi there, > > In early 2010, an authorization patch has been posted to the mod_auth_cas > issue tracker at > https://issues.jasig.org/browse/MAS-37 > So far, this patch has not made it into the main sourcecode. > > This patch has some limitations and I thought it worthwhile to post an > alternative patch at > https://issues.jasig.org/browse/MAS-60 > > The main difference between the two proposals is the implementation method > (MAS-37: HTTP Request Headers vs. MAS-60:Apache Request Structure Note), > the availability of a "CASAuthoritative" directive in MAS-60 > and a slightely different configuration syntax: > > MAS-37: Require <attribute-name> <value> > i.e. Require organization foo > > MAS-60: Require cas-attribute <attribute-name>:<value> > [<attribute-name>:<value>] > i.e. Require cas-attribute organization:foo > > The code in the MAS-60 patch is also bigger, but not necessarily slower. > > Mod_auth_cas lead developer Phil Ames has asked me to send note to this > mailinglist > and ask for feedback here as well. > > Best regards, > > Christian Folini, Swiss Post > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
