On 21.02.2019 00:01, Paul B. Henson wrote:
> On Wed, Feb 20, 2019 at 05:56:48PM -0500, Edward J. Sabol wrote:
>> Any pointers to a working AuthzProvider written in Perl (like for the
>> "species" one) in your examples? It's not perfectly clear to me how to
>> go about that.
>
> I wrote one for CAS auth a while back:
> https://github.com/pbhenson/Apache2-AuthCASpbh/blob/master/lib/Apache2/AuthCASpbh/Authz.pm

Nice example.

What I found a bit "jarring" when I ported my own auth/authz modules (*) to
Apache 2.4, is this: with Apache 2.4,

1) the "authz" function is now called *first* (before any authentication
   module has been called - even non-perl add-on ones),
and
2) it *can* be called 2 or more times during the same request cycle
and
3) the "authz" function, in Apache 2.4, is much more "at the mercy" of
   whatever Authentication module is being called, and what it does
   precisely (e.g. /if/ and /when/ it sets $r->user)
and
4) the precise formulation (and imbrication) of the <Require> sections and
   directives is very important
and
5) there seems to be no real mod_perl-level (or even Apache-httpd-level)
   documentation available, which explains the above in a general context,
   rather than for any specific perl module.

A good explanation is provided by Michael Schout in
https://metacpan.org/pod/distribution/Apache-AuthCookie/README.apache-2.4.pod,
and this should be "required reading" for anyone playing with AAA under
Apache 2.4; but it is still somewhat oriented to the specific (and otherwise
excellent, I never tire of repeating that) Apache2::AuthCookie module.

It would be good to integrate some version of this directly in the on-line
mod_perl documentation, but it is a bit obscure how to go about that.

(*) sorry, not really in a shape or style where I would be willing to share
them universally; but on a one-to-one basis, I would not mind if anyone is
interested.
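
An added example, not part of the original message and not taken from either module linked above: a minimal Perl AuthzProvider that copes with points 1) to 3), i.e. being called before authentication, being called more than once, and depending on when $r->user gets set. The package name My::ExampleAuthz, the provider name example-group, the paths and the membership table are hypothetical; it assumes mod_perl 2.0.9 or later on Apache 2.4.

```perl
package My::ExampleAuthz;    # hypothetical module name

# httpd.conf sketch (provider name and paths are made up for this example):
#   PerlAddAuthzProvider example-group My::ExampleAuthz
#   <Location /private>
#       AuthType Basic
#       AuthName "example"
#       AuthBasicProvider file
#       AuthUserFile /path/to/htpasswd
#       Require example-group admins
#   </Location>

use strict;
use warnings;

use Apache2::RequestRec ();    # $r->user, $r->uri
use Apache2::Log ();           # $r->log
use Apache2::Const -compile =>
    qw(AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER);

# Constructed sample data; a real provider would query its own store.
my %MEMBERS = (
    admins => { alice => 1 },
    staff  => { alice => 1, bob => 1 },
);

sub handler {
    my ($r, $requires) = @_;   # $requires: text after "Require example-group"

    my $user = $r->user;

    # First pass under 2.4: no authentication module has run, so no user yet.
    # AUTHZ_DENIED_NO_USER asks httpd to authenticate and then call us again;
    # a plain AUTHZ_DENIED here would reject the request before any login.
    unless (defined $user && length $user) {
        $r->log->debug("authz called without a user for ", $r->uri);
        return Apache2::Const::AUTHZ_DENIED_NO_USER;
    }

    # May run several times per request: keep it free of side effects so
    # every call gives the same answer for the same user and arguments.
    for my $group (split ' ', $requires // '') {
        return Apache2::Const::AUTHZ_GRANTED
            if exists $MEMBERS{$group} && $MEMBERS{$group}{$user};
    }
    return Apache2::Const::AUTHZ_DENIED;
}

1;
```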