mod_auth_any: Generic Authentication for Apache
The ITLab
Description
Introduction mod_auth_any is a runtime module for the Apache HTTP Server. Quite possibly the best webserver in the world. This module allows you to use any command line program (such as webNIS) to authenticate a user. No more having to keep AuthUserFiles in sync, or maintain some nasty database. You can even have an expect script that does ssh authentication.
News
20041122 1.6 RC1 released. The crash bugs may be fixed.
20041022 1.6 Devel release. Does caching (with md5'd passwords). Thanks to Krasimir Kazakov for the patch that triggered this.
20041005 Code cleanup and Makefile enhancement. You might want to wait for the next release, which should be soon. It will include caching.
20040805 New release 1.4 now works on Apache2 as well as 1.x
20030503 New release now works on OSX
20030407 Security update: mod_auth_any prior to version 1.3 contains several vulnerabilities in the way it handles shell arguments.
Version 1.3 builds on the patches provided by RedHat to properly handle forking and parameters passed to the AuthAnyUserProg.
A new Apache directive AuthAnyCLParams is introduced.
This release is only for version 1.x of Apache. An Apache 2.x release will be forthcoming.
Download
mod_auth_any in CVS Browse the mod_auth_any CVS repository.
mod_auth_any-1.6-rc1.tar.gz 1.6 release candidate 1. The crash problems in 1.6-dev may be fixed.
mod_auth_any-1.6.tar.gz 1.6 Devel release to test caching.
mod_auth_any-1.5.tar.gz Code clean-up and Makefile enhancement.
mod_auth_any-1.4.tar.gz Newest version tries for Apache 2 compatibility 2004-08-05
Older versions Browse the older versions (not supported any more).
Installation Instructions
As of version 1.4, the recommended compilation method uses the Makefile. As of version 1.5, please see the readme file in the docs directory, and use the Makefile.
Compiling with Apache See the Makefile. Make targets are apache1 and default (which compiles for apache2).
You may need the Apache source tree for this method.
  • Unpack the tarball (zcat mod_auth_any.tgz | tar -xf -)
  • Reconfigure apache with
    --add-module=[location of mod_auth_any.c] --enable-shared=auth_any
  • Add the following to httpd.conf
    • LoadModule auth_any_module modules/mod_auth_any.so
    • AddModule mod_auth_any.c
Compiling Independently
(Recommended for RedHat) 		This method is easier, assuming you have a properly installed Apache rpm with all the apxs trimmings.
  • Unpack the tarball (zcat mod_auth_any.tgz | tar -xf -)
  • Configure with apxs
    apxs -c mod_auth_any.c
    apxs -i -a -n auth_any mod_auth_any.so
  • Add the following to httpd.conf
    • LoadModule auth_any_module libexec/mod_auth_any.so
    • AddModule mod_auth_any.c
  • Ignore complaints about EAPI, and don't forget to restart httpd.
Usage Instructions
Quickstart Follow the examples in the htaccess file included with the tarball. It's pretty self explanatory. Group files are supported, and their syntax is the same as the AuthGroupFile syntax you use with mod_auth.
Directives These are the apache directives introduced by mod_auth_any
  • AuthAnyUserProg: Specify the program you want to use. Commandline parameters cannot be passed here.
  • AuthAnyCLParams: Specify the parameters to be passed to the AuthAnyUserProg.
  • AuthAnyGroupFile: Lets you set the file to use for user group definitions.
  • AuthAnyAuthoritative: Heck if I know. I just wanted to be fully analogous to the mod_auth stuff. Actually I do know, but it's immaterial for the purposes of this discussion.
  • AuthAnyUseCaching: on/off. Defaults to off, I think, so you need to turn it on if you want caching. Caching is recommended!
More gory details The username and password are passed in as arguments to the program specified with AuthAnyUserProg directive.
Brought to you by the friendly folks at the ITLab. The "I" in most of this page is probably Nafees. The current maintainer is Satya.