Tags:
create new tag
view all tags

Question

I'm not a web programmer and have not been able to get the standard Apache authentication to work. I've done plenty of RTFM, and trial and error, but only errors have resulted. For example, if I take the .htaccess.txt file, plug in my local variable values and remove the file extension, none of the graphics (e.g. the TWiki logo in the upper left corner) work. I have to remove all the lines starting with: 

    SetHandler cgi-script

to get the graphics working again. So then I never get the login dialog box to log in with.

My employer (Dartmouth College) has a public domain authentication scheme (Kerberos) that's used by a number of colleges and links to our LDAP directory. I'd love to use this authentication means, since everyone already uses it. But I don't have the perl chops to hack up the authentication code in Twiki myself. I also hesitate to drag in someone local who knows perl, but not Twiki.

However, the Kerberos interface is published and it seems it could provide a suitable LAN login_name value. I sure can't get REMOTE_USER to be recognized...

Could I beg some kind soul to take a look at the API description and sample code and suggest how big a job it would be to implement this in TWiki? Heck, while I'm dreaming, maybe someone could do it for me??? smile

Kerberos API and Sample

  • TWiki version: 01 Dec 2001
  • Web server: Apache/1.3.6 (Unix) mod_perl/1.20
  • Server OS:
  • Web browser: IE
  • Client OS: Win2000

Thanks!

-- StewStryker - 10 Jul 2002

Since I didn't get any answers, let me try another whack at it.

I think the following statements are true:

  1. Twiki uses the variable REMOTE_USER to authenticate the username, generally created by Apache authentication.
  2. I can't get Apache to do the Basic Authentication.
  3. I have the code needed to get the user's process name from Kerberos (see above example link).
  4. Twiki.cfg is called whenever a page request is made.

If all the above are true, then I'm thinking I might be able to edit Twiki.cfg to:

  1. Create the REMOTE_USER variable in Perl.
  2. Call the Kerberos authentication routine and have it give me the username
  3. Assign that username to REMOTE_USER
  4. Twiki would try to match REMOTE_USER to the value the user had set in their user setup.

Does this make sense?

Or is it ludicrous to add a call to get the Kerberos value each time a page is requested, just to do authentication?

Or can I not create the REMOTE_USER variable in Perl and expect Twiki to read it as if it was created by Apache authentication?

Finally, if I'm going to hack Twiki.cfg this way, I'm seriously thinking about installing the current beta version, so I'll be less likely to have to hack a different version in the future. Any thoughts on that idea?

Any chance there's a new spot for an authentication plug-in in the beta, that would facilitate this w/o hacking Twiki.cfg? Thanks, Stew

-- StewStryker - 14 Aug 2002

Answer

.

WebForm
SupportStatus ClosedUnanswered
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2002-09-08 - TWikiAdmin
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.