HTTPD Auth?

You have a suggestion for a future version of phpMyFAQ? Then post it here!

Moderator: Thorsten

jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

HTTPD Auth?

Post by jimh »

(Heh, they just started playing 99 Luftballons on Radio Paradise. I don't see that on Thorsten's 80s wish list!)

I may be in the minority in employing phpMyFAQ on a restricted intranet. That is my case, and we use Pubcookie (pubcookie.org) for user authentication against university ID/password, so I always have $_SERVER['REMOTE_USER'] available.

I see functions.php uses REMOTE_USER to assist with LDAP lookup. My question is whether this could be extended to make password optional (HTTPD Auth) -- even to auto-create non-privileged default user accounts at first visit.

With auto-created accounts, this would allow something like a "My Questions" option (maybe that exists and I missed it), but the user table would need to be extended to include uid/REMOTE_USER in addition to the LDAP cn, I think.

It would be too much to ask a *third* feature question today, so I will just say:

Drupal integration? :)

I am pleased to be able to get back to setting up this very nice program.

Thanks!

Jim
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi Jim,
AFAIK none of the PMF users uses a Pubcookie infrastructure: we'll talk internally about how and when to address such a(n interesting) request, to balance new feature requests, the current task plan and, last but not least, the spare time of the Dev Team Members ;).

Ciao,
Matteo
phpMyFAQ QA / Developer
jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

Web Auth

Post by jimh »

matteo wrote:
> Hi Jim,
> AFAIK none of the PMF users uses a Pubcookie infrastructure: we'll talk internally about how and when to address such a(n interesting) request, to balance new feature requests, the current task plan and, last but not least, the spare time of the Dev Team Members ;).
>
> Ciao,
> Matteo

Thanks.

I think I may be in the minority (i.e. intranet/restricted access). Pubcookie is nice, but there are other Apache/Web server auth modules that will generate REMOTE_USER. I have seen other systems implement this simply as "WebAuth" or "SSO" where you simply instruct the system to "trust REMOTE_USER completely". In one open-source application, MRBS, I use "Omni httpd auth" because that was what was already there; it's all the same.

In Drupal I am using a "WebLogin" module simply because I found it before I found a specific PubCookie extension. Either one works.

So I think this could be very generic with no special consideration of PubCookie. I have done this in a few small applications and I just use a stub of $userid="jimh"; to test if I am not authenticated and don't have REMOTE_USER but want to test.

Cheers,

Jim
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Re: Web Auth

Post by matteo »

Hi,
jimh wrote:
> Pubcookie is nice, but there are other Apache/Web server auth modules that will generate REMOTE_USER. I have seen other systems implement this simply as "WebAuth" or "SSO" where you simply instruct the system to "trust REMOTE_USER completely". In one open-source application, MRBS, I use "Omni httpd auth" because that was what was already there; it's all the same.

there are also several other SSO infrastructures that use specs like e.g. SAML, being more abstract and with a strong trust model. Generally speaking, trusting REMOTE_USER is not good but I recognize that often everything is trusted inside a LAN context.
Whilst 2.0.0 has a pluggable auth system, 1.6.x needs custom code on a per-project basis. I'll look, time permitting, at how a simple hack could move the current LDAP code to something useful for your needs.

Ciao,
Matteo
phpMyFAQ QA / Developer
jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

Re: Web Auth

Post by jimh »

matteo wrote:
> Hi,
> there are also several other SSO infrastructures that use specs like e.g. SAML, being more abstract and with a strong trust model. Generally speaking, trusting REMOTE_USER is not good but I recognize that often everything is trusted inside a LAN context.
> Whilst 2.0.0 has a pluggable auth system, 1.6.x needs custom code on a per-project basis. I'll look, time permitting, at how a simple hack could move the current LDAP code to something useful for your needs.
>
> Ciao,
> Matteo

Matteo,

I spent some time looking at 2.x roadmap and I installed 2.0 alpha in parallel. From my standpoint, if you were able to work something like this into auth model for 2.0, I don't see why you would want to spend time working on 1.6. But that's just me. I will try to look at 2.0 auth subsystem as it develops. Thanks! Jim
jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

LDAP and auto user create from REMOTE_USER

Post by jimh »

I just returned from holiday and found the 2.x releases. Woohoo! The 1.6.8->2.0.1 update worked great.

So I guess now would be a good time to resurrect this feature question.

Since my application is a PubCookie-protected intranet that requires a valid user ID (from an Apache authgroupfile), I would like to automatically register users in phpMyFAQ upon first visit and add their LDAP ID/name/EMail with very limited initial privileges. I see some of the basic LDAP functions and the REMOTE_USER short name lookup function, but what would be the sanest way to add "auto user create"?

EDIT: I guess I should also restate that it would be desired to have this REMOTE_USER automatically log in without password. Now that we can assign owners to different categories, I expect we will have many more users who will need to log in to administer their categories' FAQs.

THANKS!

Jim
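
An added example (not phpMyFAQ code and not written by anyone in this thread) of the approach discussed above: take the identity only from variables the web server itself sets, validate it, and create an account with no privileges on first visit. The function names, the user-name pattern and the in-memory user store are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; all names here are hypothetical, not phpMyFAQ's API.

/** Return the user name established by the web server's auth module, or null. */
function serverAuthenticatedUser(array $server): ?string
{
    // Read only variables the web server sets itself. Keys starting with
    // HTTP_ (such as HTTP_REMOTE_USER) are built from client request headers.
    // REDIRECT_REMOTE_USER is where Apache puts the value after an internal redirect.
    foreach (['REMOTE_USER', 'REDIRECT_REMOTE_USER'] as $key) {
        $value = $server[$key] ?? null;
        if (is_string($value) && $value !== '') {
            // Assumed short-name format; adjust to the site's user ID scheme.
            return preg_match('/\A[a-z][a-z0-9._-]{0,31}\z/', $value) === 1 ? $value : null;
        }
    }
    return null;
}

/** Fetch the account, creating it with no rights on first visit. */
function loginOrProvision(array &$users, string $login): array
{
    if (!isset($users[$login])) {
        // No password is stored; privileges are granted later by an admin.
        $users[$login] = ['login' => $login, 'auth_source' => 'http', 'rights' => []];
    }
    return $users[$login];
}

// Constructed sample data: one existing account and four $_SERVER arrays.
$users = ['alice' => ['login' => 'alice', 'auth_source' => 'http', 'rights' => ['edit_category']]];
$requests = [
    'first visit'  => ['REMOTE_USER' => 'jimh'],
    'return visit' => ['REDIRECT_REMOTE_USER' => 'alice'],
    'header only'  => ['HTTP_REMOTE_USER' => 'alice'],
    'bad format'   => ['REMOTE_USER' => 'Not A User ID'],
];
foreach ($requests as $label => $server) {
    $login = serverAuthenticatedUser($server);
    if ($login === null) {
        echo "{$label}: no trusted identity, show the normal login form\n";
        continue;
    }
    $user = loginOrProvision($users, $login);
    echo "{$label}: {$user['login']} logged in with " . count($user['rights']) . " right(s)\n";
}
```

This is only sound when every request reaches PHP through the authenticating web server, which is the trust assumption matteo raises above.
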
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Post by Thorsten »

Hi,

we plan to add this - maybe in 2.1.0! The big problem will be that we need some testers for that. Would you like to support us here?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

Testing HTTPD auth?

Post by jimh »

Thorsten,

I would be pleased to do some testing of HTTPD auth functions. I have created 30-40 FAQs, but I have not put phpMyFAQ into general use yet, so I could afford to test on my existing installation.

Thanks!

Jim
jimh
Posts: 8
Joined: Tue Jan 09, 2007 10:45 pm

Re: Testing HTTPD auth?

Post by jimh »

I have been sidetracked for a while, but I would still be interested in testing or working on this. It is starting to get dark and cold here -- so a better time to work on such things!

Jim
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Post by Thorsten »

Hi Jim,

if you want to, you can start using phpMyFAQ 2.5.0-dev. Thank you very much!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: HTTPD Auth?

Post by Thorsten »

Hi,

HTTP Auth is now implemented in phpMyFAQ 2.5.0.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
salnet
Posts: 12
Joined: Wed Jun 10, 2009 8:54 pm

Re: HTTPD Auth?

Post by salnet »

Hello Thorsten,

it's a nice feature, thank you!
How can I use it? I haven't found anything in the Admin menu.

Kind regards,
Timo
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: HTTPD Auth?

Post by Thorsten »

Hi,

just add a .htaccess file in the phpMyFAQ root folder with the auth credentials. phpMyFAQ will automatically detect the authentication done by Apache.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
salnet
Posts: 12
Joined: Wed Jun 10, 2009 8:54 pm

Re: HTTPD Auth?

Post by salnet »

Thanks for the explanation.

I renamed _.htaccess to .htaccess and inserted

```
AuthUserFile /var/data/db/users/.htpasswd
AuthType Basic
require valid-user
```

The .htpasswd is OK, but it seems not to work. After login with HTTP-Auth I'm still not logged in in pmf, the login form in pmf is shown. When I insert any data from .htpasswd I can't log in.
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: HTTPD Auth?

Post by Thorsten »

Hi,

okay... the HTTP Auth was a 30 minute hack... :oops:

I'll check this.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer