mod_auth_bsd 0.8.1 review

by on

mod_auth_bsd is an Apache module that supports BSD Authentication on OpenBSD

License: MIT/X Consortium License
File size: 11K
Developer: William Ahern
0 stars award from

mod_auth_bsd is an Apache module that supports BSD Authentication on OpenBSD. As of version 0.8.0 it can authenticate even when Apache is run in a chroot jail, as it is in a default installation of OpenBSD. Also as of 0.8.0, the login_bsd wrapper has been removed. The wrapper was no longer required and gave too much privileged system access to regular users.

Currently mod_auth_bsd only supports AuthType Basic and the "login" service protocol, so your available authentication options are limited to a user/pass pair as entered through a browser via HTTP Basic authentication, and passing that user and password to the wrapper (and thus to any underlying system authentication scripts).

By default mod_auth_bsd erases the supplied password after verifying a user. This way CGI or in-process scripts such as PHP and Perl are not able to see the password. Likewise, mod_auth_bsd checks for an SSL connection before continuing to authenticate. This behavior can be altered with the AuthBSDKeepPass and AuthBSDRequireSSL configuration directives, but is intended to help the developer protect the privacy of system passwords.

mod_auth_bsd apache module can supports credential caching, both for successful and unsuccessful authentication attempts. Unsucccessful attempts can be throttled on a per-user basis by introducing a delay between failed authentication requests. This delay does not block the authentication daemon, though it will of course block the child httpd process.

libevent 1.0

What's New in This Release:
Add ability to query user information during authentication, specifically the ability to query group membership. Now it should be easy to make "Require group foo" work.

mod_auth_bsd 0.8.1 search tags