On Fri, Jul 9, 2010 at 9:19 PM, Eric G. Wolfe <eric.wo...@marshall.edu> wrote:
> I was looking at the proof-of-concept per-user menus, here:
> http://etherboot.org/wiki/appnotes/authmenus and had a couple questions.
>
> I assume the gPXE login command is implemented in C code, as opposed to
> using external Apache basic auth modules, is that a correct assumption?
> Could Apache auth module support be implemented?
It looks like the login command sets two variables.
>
> The reason I ask is that I want to provide dynamic PXE menus, based on a
> user's Active Directory LDAP group membership. So this is what I am
> thinking. I can do mod_auth_kerb authentication with Apache, coupled
> with an AD group membership checker which I have already implemented in
> Perl
> (http://webpages.marshall.edu/~wolfe21/perl/Net-LDAP-ADGroup-v0.2.tar.gz).
>
> So, in the PHP example, there is an escaped
> "\${username:uristring}:\${password:uristring}" in the first part of the
> chaining process. Are these GET/POST variables set by the login command
> C code, or is this a PHP thing? Could that behavior be replicated in
> Perl, just as easily? I was thinking if I passed the username/password
> URI to a mod_auth_kerb protected directory, it would pass through
> without much effort on my part.
The variables are escaped so they don't get parsed by PHP, just passed
down to gpxe.
> If I understand correctly the process would be something along the lines of:
> A gPXE login cmd is first called which then chainloads to a user/pass
> encoded URI -> this could get passed to a mod_auth_kerb protected
> script, which then looks up AD group membership and generates a dynamic
> pxelinux menu based on that group membership.
>
> In other words, as I understand it, the first gPXE script cannot
> generate a login UI for any given Apache Basic Auth module. Because
> gPXE, uses its own C code to "draw" a login UI for authentication, is
> that correct? I'm not that familiar with PHP to grasp whether
> ${password:uristring} that is a built-in PHP thing, a global variable,
> or something that the gPXE login command exports for use by any
> server-side scripting language.
>
I thought https://user:passw...@somewhere/ was "basic auth"
> --
> Eric G. Wolfe
> Senior Linux Administrator,
> IT Infrastructure Systems
> --------------------------------------
> Marshall University Computing Services
> Drinko Library 428-K
> One John Marshall Dr.
> Huntington, WV 25755
>
> Reactor error - core dumped!
>
> _______________________________________________
> gPXE mailing list
> gPXE@etherboot.org
> http://etherboot.org/mailman/listinfo/gpxe
>
_______________________________________________
gPXE mailing list
gPXE@etherboot.org
http://etherboot.org/mailman/listinfo/gpxe
