Mark jensen wrote:
I have seen this link:
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler
and as it said: This phase requires a successful authentication from the
previous phase, because a username is needed in order to decide
whether a user is authorized to access the requested resource.
but what if I don't want to authenticate users (BECAUSE I have already
authenticate them using freeRADIUS and IEE802.1x) , I want only to authorize
them, you would ask me how can we get the username.
I have usernames with there IPs in mysql DB like this:
user IP
Mark 192.168.1.10
Mike 192.168.1.11
and I have them too in the DNS:
in its revers zone (1.168.192.in-addr.arpa):
$TTL 60 ; 1 minute
10 PTR Mark
11 PTR Mike
How can I let module_perl make use of mysql DB or DNS zone to authorize my
users using PerlAuthzHandler ?
You could create and configure a "dummy" PerlAuthHandler, which sets $r->user to whatever
value you consider as the "authenticated user-id" (such as the above IP) and returns OK.
Then in PerlAuthzHandler, you pick up $r->user and use it for your
authorization.
This way, if in the future you change your mind about Radius or whatever, you only have to
change the PerlAuthHandler, and everything will continue to work smoothly.
