mod_idcheck 2.0.9 review

mod_idcheck is a cookie based authorisation for apache. Cookie based web authentication and single sign on system designed for largi

License: GPL (GNU General Public License) File size: 0K Developer: M. D. T. Evans

0

mod_idcheck is a cookie based authorisation for apache.

Cookie based web authentication and single sign on system designed for largish intranets under a single domain where many people run their own webservers (and you don't trust them all much).

On first connection, an untrusted webserver redirects new requests for restricted pages to the idcheck server (to be authenticated). The idcheck server takes and checks the users credentials and, if successful, redirects the users browser back to the page they requested. As it redirects, the server installs a private cookie (scoped only for the idcheck webserver) and a second cookie that acts as a session cookie for the untrusted webserver (which is checked for validity, over http against the idcheck server) when downloading subsequent pages.

When the user accesses another webserver that also has idcheck restricted pages he does not need to enter his credentials again because of the private idcheck cookie indicates that he has already authenticated and so can bypass the login form. This provides a single sign on environment for multiple webservers in a single domain.

In addition, The mechanism provides detailed, filtered, data about the user to other webservers so that they can make fine grained access decisions. For example, with idcheck and a suitable authentication source (e.g. an LDAP server) it is possible to restrict certain areas of websites to individuals or groups of individuals (e.g. those in the same department).

This package contains the following components:

A server implementation written in mod_perl2.
C module for apache2 (mod_idcheck.so) which is known to build under Linux/Solaris and Netware.
PHP and mod_perl example implementations.

A contributed PAM module that is useful when a web service uses a backend system (an imap server or database) that requires the user to authenticate as themselves.

Requirements:
Apache