On Fri, Jul 9, 2010 at 9:19 PM, Eric G. Wolfe <eric.wo...@marshall.edu> wrote: > I was looking at the proof-of-concept per-user menus, here: > http://etherboot.org/wiki/appnotes/authmenus and had a couple questions. > > I assume the gPXE login command is implemented in C code, as opposed to > using external Apache basic auth modules, is that a correct assumption? > Could Apache auth module support be implemented? It looks like the login command sets two variables. > > The reason I ask is that I want to provide dynamic PXE menus, based on a > user's Active Directory LDAP group membership. So this is what I am > thinking. I can do mod_auth_kerb authentication with Apache, coupled > with an AD group membership checker which I have already implemented in > Perl > (http://webpages.marshall.edu/~wolfe21/perl/Net-LDAP-ADGroup-v0.2.tar.gz). > > So, in the PHP example, there is an escaped > "\${username:uristring}:\${password:uristring}" in the first part of the > chaining process. Are these GET/POST variables set by the login command > C code, or is this a PHP thing? Could that behavior be replicated in > Perl, just as easily? I was thinking if I passed the username/password > URI to a mod_auth_kerb protected directory, it would pass through > without much effort on my part.
The variables are escaped so they don't get parsed by PHP, just passed down to gpxe. > If I understand correctly the process would be something along the lines of: > A gPXE login cmd is first called which then chainloads to a user/pass > encoded URI -> this could get passed to a mod_auth_kerb protected > script, which then looks up AD group membership and generates a dynamic > pxelinux menu based on that group membership. > > In other words, as I understand it, the first gPXE script cannot > generate a login UI for any given Apache Basic Auth module. Because > gPXE, uses its own C code to "draw" a login UI for authentication, is > that correct? I'm not that familiar with PHP to grasp whether > ${password:uristring} that is a built-in PHP thing, a global variable, > or something that the gPXE login command exports for use by any > server-side scripting language. > I thought https://user:passw...@somewhere/ was "basic auth" > -- > Eric G. Wolfe > Senior Linux Administrator, > IT Infrastructure Systems > -------------------------------------- > Marshall University Computing Services > Drinko Library 428-K > One John Marshall Dr. > Huntington, WV 25755 > > Reactor error - core dumped! > > _______________________________________________ > gPXE mailing list > gPXE@etherboot.org > http://etherboot.org/mailman/listinfo/gpxe > _______________________________________________ gPXE mailing list gPXE@etherboot.org http://etherboot.org/mailman/listinfo/gpxe