
auth:mod_auth_tkt

Differences

This shows you the differences between two versions of the page.


auth:mod_auth_tkt [2007-12-07 00:21]
130.63.54.69
auth:mod_auth_tkt [2008-12-09 19:46] (current)
70.103.232.219
Line 1: Line 1:
 +==== mod_auth_tkt ====
 +a lightweight cookie-based authentication module, for Apache versions 1.3.x and 2.0.x. (currently 2.2.x is supported by the beta version) It implements a single-sign on framework that works across multiple Apache instances and multiple machines. [[http://www.openfusion.com.au/labs/mod_auth_tkt/|mod_auth_tkt site]]
 +
 +
 +==== Implementation ====
 +
 +this actually should work for anything that sets REMOTE_USER or other unique way to detect logged in user. 
 +
 +mod_auth_tkt sets REMOTE_USER environment variable once authenticated. implementation is very simple. I want users who are authenticated by mod_auth_tkt recognized by DokuWiki. Wiki admin users (set in users.auth.php) should be recognized as well. note: my DokuWiki is behind proxy so the REMOTE_USER becomes HTTP_REMOTE_USER in my case. change it to REMOTE_USER based on your situation.
 +
 +i am mainly a Perl programmer. the code is mostly copy and paste from PunBB, basic, plain auth classes and some of my own code. please let me know if there is anything need to be improved.
 +
 +save the following code to inc/auth/mod_auth_tkt.class.php
 +
 +<code php>
 +<?php
 +/**
 + * mod_auth_tkt auth backend
 + *
 + * Uses external Trust mechanism to check against mod_auth_tkt's
 + * ENV variable. 
 + *
 + * @author    Qiang Li <qiangli at cpan.org>
 + */
 +
 +define('DOKU_AUTH', dirname(__FILE__));
 +define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');
 +
 +class auth_mod_auth_tkt extends auth_basic {
 +
 +  /**
 +   * Constructor.
 +   *
 +   * Sets additional capabilities and config strings
 +   */
 +  function auth_mod_auth_tkt(){
 +    $this->cando['external'] = true;
 +  }
 +
 +  /**
 +   * Just checks against the $pun_user variable
 +   */
 +  function trustExternal($user,$pass,$sticky=false){
 +    global $USERINFO;
 +    global $conf;
 +    $sticky ? $sticky = true : $sticky = false; //sanity check
 +
 +    if( isset($_SERVER['HTTP_REMOTE_USER']) && $_SERVER['HTTP_REMOTE_USER'] != 'guest' ){
 +      // okay we're logged in - set the globals
 +      $groups = $this->_getUserGroups($_SERVER['HTTP_REMOTE_USER']);
 +
 +      $USERINFO['name'] = $_SERVER['HTTP_REMOTE_USER'];
 +      $USERINFO['pass'] = '';
 +      $USERINFO['mail'] = '';
 +      $USERINFO['grps'] = $groups;
 +
 +      $_SERVER['REMOTE_USER'] = $_SERVER['HTTP_REMOTE_USER'];
 +      $_SESSION[$conf['title']]['auth']['user'] = $_SERVER['HTTP_REMOTE_USER'];
 +      $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
 +      return true;
 +    }
 +    
 +    return false;
 +  } 
 +  
 +  function _getUserGroups($user){
 +      if(!@file_exists(AUTH_USERFILE)) return;
 +
 +      $lines = file(AUTH_USERFILE);
 +      foreach($lines as $line){
 +        $line = preg_replace('/#.*$/','',$line); //ignore comments
 +        $line = trim($line);
 +        if(empty($line)) continue;
 +
 +        $row    = split(":",$line,5);
 +        $groups = split(",",$row[4]);
 +
 +        if($user == $row[0]) return $groups;
 +      }
 +      return;
 +    }                          
 +}
 +
 +</code>
 +
 +
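Review bot: `trustExternal()` takes the user's identity from `$_SERVER['HTTP_REMOTE_USER']`, which PHP fills from any `Remote-User` request header, so the login is only as trustworthy as the proxy's handling of that header. The page should state that the front-end proxy must overwrite or strip an incoming `Remote-User` header on every request and that the backend must not be reachable except through that proxy; where Apache sets the variable itself, read `$_SERVER['REMOTE_USER']` instead, as the text already hints. In `_getUserGroups()` both bare `return;` paths hand `null` to `$USERINFO['grps']`; `return array();` would keep the group list an array for users who are not listed in `users.auth.php`. The docblock "Just checks against the $pun_user variable" is left over from the PunBB backend and should describe the header check instead.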
  
auth/mod_auth_tkt.txt · Last modified: 2008-12-09 19:46 by 70.103.232.219