Hi Samuele,
On Nov 13, 2008, at 4:31 AM, Samuele Kaplun wrote:
the remote_host information is directly read from Apache
environment. By
default the Apache configuration have HostnameLookups turned off in
order to
reduce latency. However if you set in your Apache configuration files:
| HostnameLookups On
the above FireRole rules will became valid.
After turning HostnameLookups On and restarting httpd, I could see
hostnames replacing ip addresses in the apache log files. However,
when looking at <.../youraccount/edit?ln=en&verbose=9>, remote_host:
is still blank.
In any case in general it might be
better to create rules based on IP address as you're already doing
since you
can use network mask syntax and your Apache server will avoid a DNS
lookup at
every connection.
This is certainly the best approach, so don't worry about my comment
above.
While on the topic, is there a simple way to create a rule that would
match every use who is authenticated using an external authentication
system (in our case, "external_auth_classe")?
Just create a rule like:
| allow login_method "external_auth_classe"
As hint, note that you can create rules based on all the key you'll
find if
you log into your installation of Invenio and go to:
<.../youraccount/edit?ln=en&verbose=9>
The "verbose=9" URL attribute will disclose the available
information. All the
keys in bold under "Your Settings" are eligible for building a
FireRole rule.
Many thanks! This is very helpful.
Sincerely,
Devin
