Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: 0,2-beta
Commits on Dec 1, 2008
Commits on Nov 27, 2008
  1. Documentation changes with comments from Guenter Knuaf

    authored
    * note on the trailing '/' needed for AuthRemoteURL to prevent a 301 redirect problem
    * Conditional loading of mod_auth_basic.so
    * Prune long lines
  2. Patch from Guenter Knauf

    authored
    tab -> space
    toupper() -> apr_toupper()
    strstr -> ap_strstr()
Commits on Nov 26, 2008
  1. patch from Guenter Knauf

    authored
    Makefile- look for apxs and apxs2 as some distros ship apxs2
    mod_auth_remote.c - (apr_port_t)conf->remote_port cast to make win32 cc quiet
Commits on Nov 25, 2008
  1. nod to contributors

    authored
  2. tweak doc

    authored
  3. AuthRemoteURL accepts path as well as full urls

    authored
    AuthRemoteURL nos superceedes AuthRemotePort and AuthRemoteServer
    though both are supported for backward compatibility
    
    eg:
    
      AuthRemoteURL /safe/path
      AuthRemotePort 80
      AuthRemoteServer www.example.com
    
      is equivalent to
    
      AuthRemoteURL http://www.example.com/safe/path
  4. AuthRemoteCookie now takes 3 arguments, Cookie name, Cookie path, Coo…

    authored
    …kie duration
    
    The path and duration are optional, defaulting to "/" and 20 mins.
    It is recommended that all the parameters be set, especially the path
    as the default "/" will cause the auth_remote cookie to be sent back by
    the client for all requests to the server.
  5. Secret salt is now generated using the apr_random api

    authored
    For people lacking a proper source of randomness or missing apr random apis,
    passing in the AUTH_REMOTE_NO_SALT flag during compilation will remove the dependency on apr_random.h
    but this will also disable cookies (i.e. revert to original authenticate every request model)
  6. Initial support for authentication state caching via cookies

    authored
    Added AuthRemoteCookie directive.
    
      AuthRemoteCookie hrapp_auth_cookie 150
    
    Advises mod_auth_remote to create a cookie called hrapp_auth_cookie that expires in 150 secs.
    Once a user logs in successfully, for the next 150 secs he can log in without mod_auth_remote
    performing an actual login on the backend.
    
    The cookie (handling code) is reasonably secure. The cookie contains the username, timestamp of
    authenticated login and an MD5 of the username,timestamp and a secret random string.
    
    When a mismatch b/w r->remote_user and cookie user occurs or a mismatch between the signature in the cookie
    and the signature regenerated at the server occurs or the cookie expires the user is authenticated against
    the actual backend authentication system.
Commits on Nov 24, 2008
  1. New config directive AuthRemoteLocation

    authored
    AuthRemoteLocation specifies the complete http:// uri to the authenticating location.
    for eg. AuthRemoteLocation http://www.myserver.com/secure/service
    
    AuthRemoteLocation superceedes the older directives AuthRemoteServer, AuthRemotePort, AuthRemoteURL which are still valid for backward compatibility
  2. Added copyright and license terms

    authored
  3. Initial commit for mod_auth_remote

    authored
    mod_auth_remote is a authentication module for apache httpd ver 2.2.
    mod_auth_remote takes a supplied username & password combination and authenticates it against a remote server.
    This allows proxy of authentication to a remote server/service
    
    mod_auth_remote for older apache versions is available at http://saju.pillai.googlepages.com
Something went wrong with that request. Please try again.