2008/11/19 rich <[EMAIL PROTECTED]>: > > Hello all. > I'd like to create a WSGI aaa and session management application to > protect non-WSGI Apache resources. > > E.G. <Directory>s and <Location>s which may contain a static HTML > website, or a Java app via mod_weblogic, etc. > > I came across Grahams post below. The thread went on on to suggest > mod_auth_tkt (http://www.openfusion.com.au/labs/mod_auth_tkt/) as a > solution, but I don't think this provides the flexibility I need to > implement the functionality I need. (strong session keys, password > expiry, password changes, additional credential for 2 factor token, > authentication by HTML form and web service). > > My question is, is this possible using wod_wsgi today, or is the > necessary hook still not hooked up? > > Apologies for the broad nature of this question, I hope it is clear > enough to be intelligible.
Partly intelligible. I don't really know much about mod_auth_tkt so would have to take your word about it not being suitable. The only other thing I can possibly suggest at this point is to look at: http://httpd.apache.org/docs/trunk/mod/mod_session.html This is a part of next major version of Apache though so probably not of much use now. Going back to mod_wsgi, I can progress looking at the header issue in authnz hooks and I guess we can then try and work out if it may even then be possible to do what you want. It may possibly not be and mod_session like functionality from Apache 2.3/2.4 may be needed. You have a look at mod_session and I'll see if can address that authnz header issue and also think about what realistically may be able to be done with this stuff. Graham > > Best Regards > Richard > > > ---------- Forwarded message ---------- > From: "Graham Dumpleton" <[EMAIL PROTECTED]> > Date: Mar 25, 12:40 pm > Subject: getting HTTP_USER_AGENT > To: modwsgi > > > Sorry, one more thing have been bouncing around in my head is > introducing a new Require directive argument and corresponding hook > function which might somehow be used to implementsessionmanagement. > The idea being here to provide a means for HTML forms based login. > This could be independent of any WSGI applications, with the WSGI > applications just knowing that user was authenticated, much like with > Basicauthentication, or it could be integrated with existing > applications auth mechanisms. > > For example, imagine being able to useDjangoHTMLformlogin > andsessionmanagement to control access to a Trac instance on same > site. > In other words someformof support that might allow single sign in > across Python web applications. > > If anyone has any thoughts about that one and whether it is even of > interest would be good to know. > > BTW, I know this is outside of WSGI, and some feel I should > concentrate on just WSGI, but some times I need diversions to keep my > mind occupied. ;-) > > Graham > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en -~----------~----~----~----~------~----~------~--~---
