It's better when it's simple

User Tools

Site Tools



a lightweight cookie-based authentication module, for Apache versions 1.3.x and 2.0.x. (currently 2.2.x is supported by the beta version) It implements a single-sign on framework that works across multiple Apache instances and multiple machines. mod_auth_tkt site


this actually should work for anything that sets REMOTE_USER or other unique way to detect logged in user.

mod_auth_tkt sets REMOTE_USER environment variable once authenticated. implementation is very simple. I want users who are authenticated by mod_auth_tkt recognized by DokuWiki. Wiki admin users (set in users.auth.php) should be recognized as well. note: my DokuWiki is behind proxy so the REMOTE_USER becomes HTTP_REMOTE_USER in my case. change it to REMOTE_USER based on your situation.

i am mainly a Perl programmer. the code is mostly copy and paste from PunBB, basic, plain auth classes and some of my own code. please let me know if there is anything need to be improved.

save the following code to inc/auth/mod_auth_tkt.class.php

 * mod_auth_tkt auth backend
 * Uses external Trust mechanism to check against mod_auth_tkt's
 * ENV variable. 
 * @author    Qiang Li <qiangli at>
define('DOKU_AUTH', dirname(__FILE__));
class auth_mod_auth_tkt extends auth_basic {
   * Constructor.
   * Sets additional capabilities and config strings
  function auth_mod_auth_tkt(){
    $this->cando['external'] = true;
   * Just checks against the $pun_user variable
  function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    global $conf;
    $sticky ? $sticky = true : $sticky = false; //sanity check
    if( isset($_SERVER['HTTP_REMOTE_USER']) && $_SERVER['HTTP_REMOTE_USER'] != 'guest' ){
      // okay we're logged in - set the globals
      $groups = $this->_getUserGroups($_SERVER['HTTP_REMOTE_USER']);
      $USERINFO['pass'] = '';
      $USERINFO['mail'] = '';
      $USERINFO['grps'] = $groups;
      $_SESSION[$conf['title']]['auth']['user'] = $_SERVER['HTTP_REMOTE_USER'];
      $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
      return true;
    return false;
  function _getUserGroups($user){
      if(!@file_exists(AUTH_USERFILE)) return;
      $lines = file(AUTH_USERFILE);
      foreach($lines as $line){
        $line = preg_replace('/#.*$/','',$line); //ignore comments
        $line = trim($line);
        if(empty($line)) continue;
        $row    = split(":",$line,5);
        $groups = split(",",$row[4]);
        if($user == $row[0]) return $groups;
auth/mod_auth_tkt.txt · Last modified: 2008-12-09 19:46 by

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki