Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add mod_authn_remoteuser #64

Merged
merged 1 commit into from
Jan 8, 2024
Merged

Add mod_authn_remoteuser #64

merged 1 commit into from
Jan 8, 2024

Conversation

botimer
Copy link
Member

@botimer botimer commented Dec 21, 2023

This standalone module allows configuring a location for header-based authentication, including optional/anonymous.

It is activated with AuthType RemoteUser.

The header is configurable with RemoteUserHeader Whatever-You-Want.

When set as the AuthType, it always passes authentication. If the header is not sent, it passes authentication while setting the anonymous username. The username/REMOTE_USER is empty by default.

The anonymous username is configurable with
RemoteUserAnonymousUsername whatever-you-want.

The ap_auth_type is set to "RemoteUser".

There is also a debug CGI set up, using the printenv that is shipped with the httpd image. It dumps the environment like we had in the "delegated" script, but it uses env style syntax without the dependency on the JSON::XS CPAN module.

This standalone module allows configuring a location for header-based
authentication, including optional/anonymous.

It is activated with `AuthType RemoteUser`.

The header is configurable with `RemoteUserHeader Whatever-You-Want`.

When set as the AuthType, it always passes authentication. If the header
is not sent, it passes authentication while setting the anonymous
username. The username/REMOTE_USER is empty by default.

The anonymous username is configurable with
`RemoteUserAnonymousUsername whatever-you-want`.

The ap_auth_type is set to "RemoteUser".

There is also a debug CGI set up, using the printenv that is shipped
with the httpd image. It dumps the environment like we had in the
"delegated" script, but it uses env style syntax without the dependency
on the JSON::XS CPAN module.
@@ -193,7 +193,7 @@ LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
LoadModule cgid_module modules/mod_cgid.so
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to enable both cgi and cgid to be able to run the scripts with ScriptAlias. Combined with the printenv script, this is a simple way to approximate an app running "under" Apache and examine the environment we would expose there.

@malakai97 malakai97 merged commit 2c114a3 into main Jan 8, 2024
4 checks passed
@malakai97 malakai97 deleted the remoteuser branch January 8, 2024 19:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants