A remark: in many cases, the authentication against the password file can be replaced by verifying valid FTP/Telnet login to "localhost", not only because the password (shadow) file is usually not avialble for Apache account but also secure. In the ticketing system, the FTP/Telnet authentication runs only at the first time of login and the follow-up access can goes without re-FTP and so is pretty fast. Check this : http://modperl.home.att.net
Peter Bi ----- Original Message ----- From: "Geoffrey Young" <[EMAIL PROTECTED]> To: "Todd Chapman" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, May 20, 2002 6:50 AM Subject: Re: Setting require in Authentication handler? > > > Todd Chapman wrote: > > > That makes sense. I can't use mod_auth because I can't set Require. > > > well, if you're saying that you don't have the ability to set the Require directive at all > (as in you don't have access to edit httpd.conf), then you can't run any authentication > handler - mod_auth, mod_perl, or otherwise. Apache core requires the Require directive to > be set to something before it will even try to run the authen/authz phases of the request. > > so, you may be out of luck and need to resort to the CGI tricks of yore where everything > is clumped in the content-generation phase (and of which I'm not that familiar). > > > I'm > > using Basic authentication and text based password files. Unfortunately, I > > can't find an Apache::Auth* module that handles basic authentication > > against text files. Did I miss it somewhere? > > > I'm not sure, but it may not exist for the reason I stated eariler about mod_perl not > duplicating default Apache behavior. IIRC, there is one that authenticates against > /etc/passwd, so maybe you can use that as an example of flat file based processing. > > in general, though, the steps are pretty much the same no matter which authentication > method you choose. see > > http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm > > for an example - all you need to do is replace the authenticate_user() subroutine with > calls that validate the user based on your own criteria. > > HTH > > --Geoff > > > > >
