Skip to content
Commits on Sep 23, 2011
  1. Merge pull request #1 from SurfEasy/master

    fix issue with apr_socket_send/recv where they were returning error 14 (bad address)
Commits on Sep 9, 2011
  1. @athirn

    fix problem with apr_socket_send/recv where they were returning error…

    athirn committed
    … 14 (bad address). changed rz from in to apr_size_t.
Commits on Nov 27, 2008
  1. Merge branch '0,2-beta'

    mainly to grab the line wraps for mod_auth_remote.c
  2. todo

  3. Documentation changes with comments from Guenter Knuaf

    * note on the trailing '/' needed for AuthRemoteURL to prevent a 301 redirect problem
    * Conditional loading of
    * Prune long lines
  4. Patch from Guenter Knauf

    tab -> space
    toupper() -> apr_toupper()
    strstr -> ap_strstr()
Commits on Nov 26, 2008
  1. patch from Guenter Knauf

    Makefile- look for apxs and apxs2 as some distros ship apxs2
    mod_auth_remote.c - (apr_port_t)conf->remote_port cast to make win32 cc quiet
Commits on Nov 25, 2008
  1. nod to contributors

  2. tweak doc

  3. AuthRemoteURL accepts path as well as full urls

    AuthRemoteURL nos superceedes AuthRemotePort and AuthRemoteServer
    though both are supported for backward compatibility
      AuthRemoteURL /safe/path
      AuthRemotePort 80
      is equivalent to
  4. AuthRemoteCookie now takes 3 arguments, Cookie name, Cookie path, Coo…

    …kie duration
    The path and duration are optional, defaulting to "/" and 20 mins.
    It is recommended that all the parameters be set, especially the path
    as the default "/" will cause the auth_remote cookie to be sent back by
    the client for all requests to the server.
  5. Secret salt is now generated using the apr_random api

    For people lacking a proper source of randomness or missing apr random apis,
    passing in the AUTH_REMOTE_NO_SALT flag during compilation will remove the dependency on apr_random.h
    but this will also disable cookies (i.e. revert to original authenticate every request model)
  6. Initial support for authentication state caching via cookies

    Added AuthRemoteCookie directive.
      AuthRemoteCookie hrapp_auth_cookie 150
    Advises mod_auth_remote to create a cookie called hrapp_auth_cookie that expires in 150 secs.
    Once a user logs in successfully, for the next 150 secs he can log in without mod_auth_remote
    performing an actual login on the backend.
    The cookie (handling code) is reasonably secure. The cookie contains the username, timestamp of
    authenticated login and an MD5 of the username,timestamp and a secret random string.
    When a mismatch b/w r->remote_user and cookie user occurs or a mismatch between the signature in the cookie
    and the signature regenerated at the server occurs or the cookie expires the user is authenticated against
    the actual backend authentication system.
Commits on Nov 24, 2008
  1. New config directive AuthRemoteLocation

    AuthRemoteLocation specifies the complete http:// uri to the authenticating location.
    for eg. AuthRemoteLocation
    AuthRemoteLocation superceedes the older directives AuthRemoteServer, AuthRemotePort, AuthRemoteURL which are still valid for backward compatibility
  2. Added copyright and license terms

    Saju Pillai committed
  3. Initial commit for mod_auth_remote

    Saju Pillai committed
    mod_auth_remote is a authentication module for apache httpd ver 2.2.
    mod_auth_remote takes a supplied username & password combination and authenticates it against a remote server.
    This allows proxy of authentication to a remote server/service
    mod_auth_remote for older apache versions is available at
Something went wrong with that request. Please try again.