NAME

Apache::Authen::Program - mod_perl external program authentication module

SYNOPSIS

<Directory /foo/bar>
# This is the standard authentication stuff
AuthName "Foo Bar Authentication"
AuthType Basic

# Variables you need to set
PerlSetVar AuthenProgram         /usr/local/Samba-2.2.3a/bin/smbclient
PerlSetVar AuthenProgramSuccess  "OK: SMB login succeeded"

# other variables needed by AuthenProgram (up to 9 supported)
PerlSetVar AuthenProgramArg1     thompdc4
PerlSetVar AuthenProgramArg2     netlogon

PerlAuthenHandler Apache::Authen::Program

# Standard require stuff, only user and 
# valid-user work currently
require valid-user
</Directory>

These directives can be used in a .htaccess file as well.

If you wish to use your own PerlAuthzHandler then the require 
directive should follow whatever handler you use.

= head1 DESCRIPTION

This mod_perl module provides a reasonably general mechanism to perform username/password authentication in Apache by calling an external program. Authentication by an external program is useful when a program can perform an authentication not supported by any Apache modules (for example, cross-domain authentication is not supported by Apache::NTLM or Apache::AuthenSmb, but is supported by Samba's smbclient program).

You must define the program pathname AuthenProgram and the standard output success string AuthenProgramSuccess. The first two arguments to the program are the username and either the password or a temporary file with the password, depending on whether AuthenProgramPassword has the value "File". "File" forces sending the password to AuthenProgram through a temporary file to avoid placing passwords on the command line where they can be seen by ps(1).

Additional program arguments can be passed in the variables AuthenProgramArg1, AuthenProgramArg2, etc. Up to 9 of these variables are supported.

The examples/ subdirectory has sample programs for doing Samba-based SMB authentication (examples/smblogon), Oracle authentication (examples/oralogon), and a simple example (examples/filelogon) that demonstrates communicating the password through a temporary file.

If you are using this module please let me know, I'm curious how many people there are that need this type of functionality.

This module was adapted from Apache::AuthenSmb.

DESIGN NOTES

This module trades off speed for flexibility -- it is not recommended for use when you need to process lots of authentications/minute, as each authentication requires a fork(). As any program can be used for the authenticator (even programs you don't have the source for), this module does give you great flexibility (as said before, at the expense of sub-maximal speed).

AUTHOR

Mark Leighton Fisher <mark-fisher@fisherscreek.com>

COPYRIGHT

Copyright (c) 2002-2004 Mark Leighton Fisher, Fisher's Creek Consulting, LLC.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.