----- "Devraj Mukherjee" <dev...@gmail.com> wrote: > Hi Anders, > > Depending on what the directories contains (eg. your app) I would > nearly be tempted to using OAuth or one of the open authentication > protocols.
+1 on that. I've been thinking of doing this kind of thing using things like: http://httpd.apache.org/docs/trunk/mod/mod_auth_form.html http://httpd.apache.org/docs/trunk/mod/mod_lua.html There's a couple of OAuth implementations available in Lua e.g.: https://github.com/fperrad/LuaOAuth#readme > I realise that its not the same as Basic authentication where the > authenticated session is generated by another server. Basic seems very inappropriate these days for many things. Most of all the fact that it lacks a logout, that it transfers creds in clear-text -- and at every request. > Just my two cents worth! > > On Tue, Jan 11, 2011 at 8:52 PM, Anders Melchiorsen > <m...@spoon.kalibalik.dk> wrote: > > Hi. > > > > I want to password protect some directories by forwarding the HTTP > > authentication to a different URL. That is, rather than using LDAP > or MySQL > > as a backend, I want to use a CGI script (possibly on a different > server). > > > > Searching high and low has not helped me -- "http authentication" > mostly > > turns up discussions on the htpasswd syntax. > > > > As I was unable to find any official way, I made this test module, > > > > http://www.kalibalik.dk/anders/software/mod_authn_http/ > > > > but it would need some work before I can use it for real (it > currently > > forks a curl process to forward the request). > > > > So, my question is: how can I do this with just standard modules? ErrorDocument 401 URI See: http://httpd.apache.org/docs/current/mod/core.html#errordocument > > Thanks, > > Anders. i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
