FAQ
I have seen this link: http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler

and as it said: This phase requires a successful authentication from the
previous phase, because a username is needed in order to decide
whether a user is authorized to access the requested resource.

but what if I don't want to authenticate users (BECAUSE I have already authenticate them using freeRADIUS and IEE802.1x) , I want only to authorize them, you would ask me how can we get the username.

I have usernames with there IPs in mysql DB like this:

user IP
Mark 192.168.1.10
Mike 192.168.1.11

and I have them too in the DNS:

in its revers zone (1.168.192.in-addr.arpa):

$TTL 60 ; 1 minute
10 PTR Mark
11 PTR Mike

How can I let module_perl make use of mysql DB or DNS zone to authorize my users using PerlAuthzHandler ?

Search Discussions

  • André Warnier at Aug 3, 2014 at 3:03 pm

    Mark jensen wrote:
    I have seen this link: http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler

    and as it said: This phase requires a successful authentication from the
    previous phase, because a username is needed in order to decide
    whether a user is authorized to access the requested resource.

    but what if I don't want to authenticate users (BECAUSE I have already authenticate them using freeRADIUS and IEE802.1x) , I want only to authorize them, you would ask me how can we get the username.

    I have usernames with there IPs in mysql DB like this:

    user IP
    Mark 192.168.1.10
    Mike 192.168.1.11

    and I have them too in the DNS:

    in its revers zone (1.168.192.in-addr.arpa):

    $TTL 60 ; 1 minute
    10 PTR Mark
    11 PTR Mike

    How can I let module_perl make use of mysql DB or DNS zone to authorize my users using PerlAuthzHandler ?
    You could create and configure a "dummy" PerlAuthHandler, which sets $r->user to whatever
    value you consider as the "authenticated user-id" (such as the above IP) and returns OK.
    Then in PerlAuthzHandler, you pick up $r->user and use it for your authorization.

    This way, if in the future you change your mind about Radius or whatever, you only have to
    change the PerlAuthHandler, and everything will continue to work smoothly.
  • Mark jensen at Aug 3, 2014 at 3:08 pm
    Thanks I guess your answer will work for me if I have only static IPs but what I have suggested is an example, my DB or DNS zone is changing dynamically, can mod_perl deal with them as a DB?
  • André Warnier at Aug 3, 2014 at 3:13 pm

    Mark jensen wrote:
    Thanks I guess your answer will work for me if I have only static IPs but what I have suggested is an example, my DB or DNS zone is changing dynamically, can mod_perl deal with them as a DB?
    sub Handler {
    my $r = shift;
    my $c = $r->connection;
    my $user = $c->remote_ip;
    $r->user($user);
    return OK;
    }
    References :
    https://perl.apache.org/docs/2.0/api/Apache2/Connection.html
    https://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmodperl @
categoriesmodperl, perl
postedAug 3, '14 at 1:58p
activeAug 3, '14 at 3:13p
posts4
users2
websiteperl.apache.org

2 users in discussion

Mark jensen: 2 posts André Warnier: 2 posts

People

Translate

site design / logo © 2018 Grokbase