* note on the trailing '/' needed for AuthRemoteURL to prevent a 301 redirect problem * Conditional loading of mod_auth_basic.so * Prune long lines
…kie duration The path and duration are optional, defaulting to "/" and 20 mins. It is recommended that all the parameters be set, especially the path as the default "/" will cause the auth_remote cookie to be sent back by the client for all requests to the server.
For people lacking a proper source of randomness or missing apr random apis, passing in the AUTH_REMOTE_NO_SALT flag during compilation will remove the dependency on apr_random.h but this will also disable cookies (i.e. revert to original authenticate every request model)
Added AuthRemoteCookie directive. AuthRemoteCookie hrapp_auth_cookie 150 Advises mod_auth_remote to create a cookie called hrapp_auth_cookie that expires in 150 secs. Once a user logs in successfully, for the next 150 secs he can log in without mod_auth_remote performing an actual login on the backend. The cookie (handling code) is reasonably secure. The cookie contains the username, timestamp of authenticated login and an MD5 of the username,timestamp and a secret random string. When a mismatch b/w r->remote_user and cookie user occurs or a mismatch between the signature in the cookie and the signature regenerated at the server occurs or the cookie expires the user is authenticated against the actual backend authentication system.
AuthRemoteLocation specifies the complete http:// uri to the authenticating location. for eg. AuthRemoteLocation http://www.myserver.com/secure/service AuthRemoteLocation superceedes the older directives AuthRemoteServer, AuthRemotePort, AuthRemoteURL which are still valid for backward compatibility
mod_auth_remote is a authentication module for apache httpd ver 2.2. mod_auth_remote takes a supplied username & password combination and authenticates it against a remote server. This allows proxy of authentication to a remote server/service mod_auth_remote for older apache versions is available at http://saju.pillai.googlepages.com