Switch branches/tags
Nothing to show
Commits on Sep 23, 2011
  1. Merge pull request #1 from SurfEasy/master

    saju committed Sep 23, 2011
    fix issue with apr_socket_send/recv where they were returning error 14 (bad address)
Commits on Sep 9, 2011
  1. fix problem with apr_socket_send/recv where they were returning error…

    athirn committed Sep 9, 2011
    … 14 (bad address). changed rz from in to apr_size_t.
Commits on Nov 27, 2008
  1. Merge branch '0,2-beta'

    saju committed Nov 27, 2008
    mainly to grab the line wraps for mod_auth_remote.c
  2. todo

    saju committed Nov 27, 2008
  3. Documentation changes with comments from Guenter Knuaf

    saju committed Nov 27, 2008
    * note on the trailing '/' needed for AuthRemoteURL to prevent a 301 redirect problem
    * Conditional loading of
    * Prune long lines
  4. Patch from Guenter Knauf

    saju committed Nov 27, 2008
    tab -> space
    toupper() -> apr_toupper()
    strstr -> ap_strstr()
Commits on Nov 26, 2008
  1. patch from Guenter Knauf

    saju committed Nov 26, 2008
    Makefile- look for apxs and apxs2 as some distros ship apxs2
    mod_auth_remote.c - (apr_port_t)conf->remote_port cast to make win32 cc quiet
Commits on Nov 25, 2008
  1. nod to contributors

    saju committed Nov 25, 2008
  2. tweak doc

    saju committed Nov 25, 2008
  3. AuthRemoteURL accepts path as well as full urls

    saju committed Nov 25, 2008
    AuthRemoteURL nos superceedes AuthRemotePort and AuthRemoteServer
    though both are supported for backward compatibility
      AuthRemoteURL /safe/path
      AuthRemotePort 80
      is equivalent to
  4. AuthRemoteCookie now takes 3 arguments, Cookie name, Cookie path, Coo…

    saju committed Nov 25, 2008
    …kie duration
    The path and duration are optional, defaulting to "/" and 20 mins.
    It is recommended that all the parameters be set, especially the path
    as the default "/" will cause the auth_remote cookie to be sent back by
    the client for all requests to the server.
  5. Secret salt is now generated using the apr_random api

    saju committed Nov 25, 2008
    For people lacking a proper source of randomness or missing apr random apis,
    passing in the AUTH_REMOTE_NO_SALT flag during compilation will remove the dependency on apr_random.h
    but this will also disable cookies (i.e. revert to original authenticate every request model)
  6. Initial support for authentication state caching via cookies

    saju committed Nov 25, 2008
    Added AuthRemoteCookie directive.
      AuthRemoteCookie hrapp_auth_cookie 150
    Advises mod_auth_remote to create a cookie called hrapp_auth_cookie that expires in 150 secs.
    Once a user logs in successfully, for the next 150 secs he can log in without mod_auth_remote
    performing an actual login on the backend.
    The cookie (handling code) is reasonably secure. The cookie contains the username, timestamp of
    authenticated login and an MD5 of the username,timestamp and a secret random string.
    When a mismatch b/w r->remote_user and cookie user occurs or a mismatch between the signature in the cookie
    and the signature regenerated at the server occurs or the cookie expires the user is authenticated against
    the actual backend authentication system.
Commits on Nov 24, 2008
  1. New config directive AuthRemoteLocation

    saju committed Nov 24, 2008
    AuthRemoteLocation specifies the complete http:// uri to the authenticating location.
    for eg. AuthRemoteLocation
    AuthRemoteLocation superceedes the older directives AuthRemoteServer, AuthRemotePort, AuthRemoteURL which are still valid for backward compatibility
  2. Added copyright and license terms

    Saju Pillai
    Saju Pillai committed Nov 24, 2008
  3. Initial commit for mod_auth_remote

    Saju Pillai
    Saju Pillai committed Nov 24, 2008
    mod_auth_remote is a authentication module for apache httpd ver 2.2.
    mod_auth_remote takes a supplied username & password combination and authenticates it against a remote server.
    This allows proxy of authentication to a remote server/service
    mod_auth_remote for older apache versions is available at