Re: custom authentication functions

I don't know if this thread is a theoretical discussion or 
a practical one with the intent of actually solving someone's
problem.  If it is the latter you might want to look at the
WN server (see which handles the
problem at hand on UNIX systems in a reasonably secure way.

With WN you can write "authentication modules".  These are
not "compiled in" modules, but are like CGI scripts, and they
can be written in any language.  They get the authentication
data by reading stdin (the server creates a pipe) and they
signal accept, reject, or error by their return status.

No sensitive information goes in the environment.  Also the
authentication module gets called before any CGI script so
the CGI script is never called if access is denied.  This was
the other problem mentioned here.

Of course this is not portable to other servers, much less
other OS's, but it has allowed things like Kerberos integration
to Web authentication.

John Franks 	Dept of Math. Northwestern University

Received on Friday, 29 March 1996 12:46:53 UTC
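
The pattern described in the message above (credentials handed to an external module over a stdin pipe, verdict taken from its exit status, CGI run only after an accept), sketched as an added example that is not part of the original message and is not WN's code. The line-based stdin format, the exit-status mapping, and the names `check_access`, `handle_request` and `SAMPLE_MODULE` are assumptions made for illustration.

```python
import os
import subprocess
import sys
import tempfile

# Assumed convention (not WN's documented values): 0 = accept, 1 = reject, else error.
VERDICTS = {0: "accept", 1: "reject"}

# Constructed sample module: expects "user\npassword\n" on stdin.
SAMPLE_MODULE = '''\
import hmac, sys
fields = sys.stdin.read().split("\\n")
if len(fields) < 2: sys.exit(2)  # malformed input -> error
ok = fields[0] == "alice" and hmac.compare_digest(fields[1], "s3cret-demo")
sys.exit(0 if ok else 1)
'''

def write_sample_module():
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_MODULE)
    return path

def check_access(module_argv, user, password, timeout=5):
    if "\n" in user or "\n" in password:
        return "error"  # would break the assumed line framing
    try:
        proc = subprocess.run(
            module_argv,
            input=f"{user}\n{password}\n".encode(),  # pipe, never argv or environ
            env={"PATH": "/usr/bin:/bin"},           # minimal environment, no secrets
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return "error"  # module missing, not executable, or hung
    return VERDICTS.get(proc.returncode, "error")  # unknown status or signal: fail closed

def handle_request(module_argv, user, password, run_cgi):
    # Authenticate first; the CGI callable runs only on an explicit accept.
    verdict = check_access(module_argv, user, password)
    if verdict == "accept":
        return 200, run_cgi()
    return (401 if verdict == "reject" else 500), None

if __name__ == "__main__":
    mod = [sys.executable, write_sample_module()]
    for pw in ("s3cret-demo", "wrong"):
        print(handle_request(mod, "alice", pw, lambda: "cgi output"))
```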