Re: custom authentication functions

From: John Franks <john@math.nwu.edu>
Date: Fri, 29 Mar 1996 11:46:26 -0600
Message-Id: <315C21F2.41C67EA6@math.nwu.edu>
To: dnew@fv.com, www-talk@w3.org

I don't know if this thread is a theoretical discussion or 
a practical one with the intent of actually solving someone's
problem.  If it is the latter you might want to look at the
WN server (see http://hopf.math.nwu.edu/) which handles the
problem at hand on UNIX systems in a reasonably secure way.

With WN you can write "authentication modules".  These are
not "compiled in" modules, but are like CGI scripts, and they
can be written in any language.  They get the authentication
data by reading stdin (the server creates a pipe) and they
signal accept, reject, or error by their return status.

No sensitive information goes in the environment.  Also the
authentication module gets called before any CGI script so
the CGI script is never called if access is denied.  This was
the other problem mentioned here.

Of course this is not portable to other servers, much less
other OS's, but it has allowed things like Kerberos integration
to Web authentication.

John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Friday, 29 March 1996 12:46:53 GMT
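
The stdin-pipe and exit-status contract described in the message above, as an added sketch that is not WN's code and not part of the original post. The one-line `user:password` input format, the status values (0 accept, 1 reject, anything else error) and every name in it are assumptions made for illustration.

```python
import os
import subprocess
import sys

# Assumed convention for this sketch (not taken from WN's documentation):
ACCEPT, REJECT = 0, 1            # any other exit status counts as an error

# Constructed sample module: reads one "user:password" line from stdin.
MODULE_SRC = r'''
import hmac, sys
USERS = {"alice": "correct horse"}            # constructed sample data
user, sep, password = sys.stdin.readline().rstrip("\n").partition(":")
if not sep:
    sys.exit(2)                               # malformed input: error
expected = USERS.get(user)
ok = expected is not None and hmac.compare_digest(expected.encode(), password.encode())
sys.exit(0 if ok else 1)
'''
SAMPLE_MODULE = [sys.executable, "-c", MODULE_SRC]
BROKEN_MODULE = [sys.executable, "-c", "import sys; sys.exit(7)"]

def check_access(module_argv, user, password, timeout=5):
    """Return 'accept', 'reject' or 'error' for one request."""
    if ":" in user or "\n" in user + password:
        return "reject"          # would break the one-line framing on the pipe
    # Credentials go over the pipe only, never argv or the environment;
    # request headers (HTTP_*) are dropped from the child's environment too.
    env = {k: v for k, v in os.environ.items() if not k.startswith("HTTP_")}
    try:
        proc = subprocess.run(module_argv, input=f"{user}:{password}\n".encode(),
                              env=env, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return "error"           # module missing or hung
    return {ACCEPT: "accept", REJECT: "reject"}.get(proc.returncode, "error")

def serve(module_argv, user, password, cgi):
    """Run the CGI handler only after the module accepts; otherwise fail closed."""
    verdict = check_access(module_argv, user, password)
    return cgi() if verdict == "accept" else f"denied ({verdict})"

if __name__ == "__main__":
    print(serve(SAMPLE_MODULE, "alice", "correct horse", lambda: "cgi output"))
    print(serve(SAMPLE_MODULE, "alice", "wrong", lambda: "cgi output"))
    print(serve(BROKEN_MODULE, "alice", "correct horse", lambda: "cgi output"))
```

An unexpected status, a missing module and a timeout all map to "error", which `serve` treats the same as a rejection, so the CGI handler runs only on an explicit accept.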