[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bricolage-devel
Subject:    Re: New Authentication Module
From:       "David E. Wheeler" <david () kineticode ! com>
Date:       2008-10-15 16:35:48
Message-ID: C2CEF1D3-2B97-44BB-A446-E6C7CB923A4E () kineticode ! com
[Download RAW message or body]

On Oct 15, 2008, at 08:51, Marshall Roch wrote:

> Basically, mod_pubcookie intercepts the request at the Apache level  
> (before mod_perl or Bricolage or anything else) and handles the SSO,  
> sending you off to a login server if you're not logged in. Then  
> you're returned to the page with a cookie that mod_pubcookie uses to  
> authenticate you. So when the request gets to mod_perl, the  
> REMOTE_USER environment variable contains the authenticated user's  
> username. You can always trust REMOTE_USER. I'm not sure how  
> mod_auth_cas works, but I'm guessing it's somehow similar in that  
> you wouldn't ever need to use the Bricolage login page.

Have a look at RT. It has a configuration setting to trust Apache's  
authentication stuff. I'm not sure if it just trusts REMOTE_USER or  
what.

> So if REMOTE_USER is set by Apache, then you can just call  
> set_user() and create the session. Looks like you'd probably want to  
> add it directly to Bric::App::Auth::auth() rather than a separate  
> auth plugin.

Sounds pretty simple.

Best,

David

[prev in list] [next in list] [prev in thread] [next in thread]