Re: Authentication in CGIs via PAM

Ingo Luetkebohle <ingo@devconsult.de> writes:

> > > I would like to use PAM to do the authentication, but the concept of the
> > > conversational function badly fits with the stateless approach of CGI
> > > interaction.
> Why don't you implement authentication in the Web-Server? Your CGI
> script could check environment variables to retrieve the authenticated
> user name.
> An Apache module implementing PAM is here: http://blank.pages.de/pam/ 

Because none of the PAM authentication modules for Apache (and other
servers like POP3 and some IMAP servers) and fundamentally broken if you
try to use anything but username/password combinations.  With the
daemon/CGI approach (somewhat similar to what we did for our extraweb
product here, that needed to support things like password changing, SecurID
tokens, and arbitrary RADIUS challenge/response exchanges), you can present
_everything_ to the user, exactly as the PAM module asked for it to be
presented.  Whether that is one field at a time or 9 fields at once.

-Bill P.
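
The daemon/CGI split described in the reply above, as an added example that is not part of the original post or of the product it mentions: a long-running daemon keeps the blocking PAM conversation parked in a thread, and each stateless CGI hit either starts a transaction or delivers the answers for the round the module last asked for. `fake_pam_authenticate`, `Session`, `handle_request`, the credentials and the challenge are all constructed stand-ins; the answer list carries one slot per message, with `None` for informational ones.

```python
import queue, secrets, threading

# Linux-PAM message styles, as defined in <security/_pam_types.h>
PAM_PROMPT_ECHO_OFF, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO = 1, 2, 3, 4
TIMEOUT = 120    # seconds a parked conversation waits for the next CGI hit
SESSIONS = {}    # token -> Session, held in the daemon's memory

def fake_pam_authenticate(conv):
    """Constructed stand-in for pam_authenticate(): login round, then a challenge round."""
    user, password = conv([(PAM_PROMPT_ECHO_ON, "login: "),
                           (PAM_PROMPT_ECHO_OFF, "Password: ")])
    if (user, password) != ("alice", "s3cret"):
        return False
    _, code = conv([(PAM_TEXT_INFO, "Challenge: 4711"),
                    (PAM_PROMPT_ECHO_OFF, "Response: ")])
    return code == "1174"

class Session:
    """One blocking PAM transaction in a thread; its conversation parks on a queue."""
    def __init__(self, authenticate):
        self.to_cgi, self.to_pam = queue.Queue(), queue.Queue()
        threading.Thread(target=self._run, args=(authenticate,), daemon=True).start()
    def _run(self, authenticate):
        try:
            ok = authenticate(self._conv)
        except Exception:          # timeout or malformed answers: fail closed
            ok = False
        self.to_cgi.put(("done", ok))
    def _conv(self, messages):
        self.to_cgi.put(("ask", messages))        # every message, in module order
        answers = self.to_pam.get(timeout=TIMEOUT)
        if len(answers) != len(messages):         # one slot per message
            raise ValueError("answer count mismatch")
        return answers

def handle_request(token=None, answers=None):
    """One stateless CGI hit; returns (token, kind, payload)."""
    if token is None:                      # first hit: start the transaction
        token = secrets.token_urlsafe(32)
        SESSIONS[token] = Session(fake_pam_authenticate)
    elif token in SESSIONS:                # later hit: wake the parked conversation
        SESSIONS[token].to_pam.put(answers or [])
    else:                                  # unknown or already finished token
        return None, "done", False
    kind, payload = SESSIONS[token].to_cgi.get(timeout=TIMEOUT)
    if kind == "done":
        del SESSIONS[token]
    return token, kind, payload
```

The CGI side would render each `("ask", messages)` round as one form, with echo-off prompts as password inputs and the token as a hidden field. A production daemon would also expire abandoned sessions and bind the token to the client connection.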

