Auth MemCookie 1.0 review

Download
by rbytes.net on

Auth MemCookie is an Apache v2 authentification and authorization modules are based on "cookie" authentification mecanism. The mo

License: The Apache License 2.0
File size: 0K
Developer: Mathieu CARBONNEAUX
0 stars award from rbytes.net

Auth MemCookie is an Apache v2 authentification and authorization modules are based on "cookie" authentification mecanism.

The module don't make authentification by it self, but verify if authentification "the cookie" are valid for each url protected by the module. The module validate also if the "authentificated user" have authorisation to acces url.

Authentification are made externaly by an authentification form page and all authentification information nessary to the module a stored in memcached indentified by the cookie value "authentification session id" by this login page.

How it Works

Phase 1 : The login Form

Authentification are made by a login formular page.
This login page must authenticate the user with any authenticate source (ldap, /etc/password, file, database....) accessible to langage of the page (php, perl, java... an ldap login page sample in php are in samples directory).

Then must set cookie that contain only a key the "authentification unique id" of the "authentification session".

The login page must store authorisation and user information of the authenticated user in memcached identified by the cookie key "authentification unique id".

The login page can be developted in any langage you want, but must be capable to use memcached (they must have memcache client api for us)

Phase 2 : The Apache v2 Module

After the user are logged, the apache 2 module check on each protected page by apache ACL the presence of the "cookie".

if the "cookie" exist, try to get session in memcached with the "cookie" value if not found return "HTTP_UNAUTHORIZED" page.

if session exist in memcached verify if acl match user session information if not match return "HTTP_FORBIDDEN" page.

Auth MemCookie 1.0 keywords