Sunday, November 2, 2008

External digest-auth

I was looking at the possibility of doing external auth from apache mod_digest. Looks like it is quite a possibility. I don't know if anyone has ever done this...

typedef struct {
authn_status (*check_password)(request_rec *r, const char *user,const char *password);
authn_status (*get_realm_hash)(request_rec *r, const char *user, const char *realm, char **rethash);
} authn_provider;

basically any module that registers itself in AUTHN_PROVIDER_GROUP needs to implement *check_password* and *get_realm_hash*, so it can get that information from any place it likes to .... One possibility is to get it from an external RESTful http service (using libcurl).

No comments: