|
Andrew Smith
andy at robotlovesyou.com
Thu Jul 23 15:12:10 EDT 2009
Hello Graham Apologies for not replying to all before. I'm too used to having my had held for me by google groups ;) I'd not come across mod_auth_tkt as I'm pretty new to linux/apache having been coding on windows for far far too long and for some reason it didn't come up when I was searching for suitable solutions. It does look very promising though. If that allows me to drop my requirement for a hook into apache's processing pipeline then I'll be able to move across to mod_wsgi, which seems to be the standard for python/apache integration these days. Thanks! Andy On 23 Jul 2009, at 13:23, Graham Dumpleton wrote: > 2009/7/23 Andrew Smith <andy at robotlovesyou.com>: >> Hello Graham >> >> Thanks for getting back to me >> >> What I am doing is implementing a form based authentication scheme, >> which I >> want to work for static content as well as dynamic. (hence >> implementing it >> as a handler in python) I don't want to use basic authentication >> because it >> does not offer the security or functionality I require. There are >> obviously >> already forms based authentication systems available but none which >> either >> a) The exact functionality I want, or b) Close enough to modify and >> coded in >> a language I already know. >> >> Right now the prototype I have is written using mod_python and >> hooked into >> apache using the PythonAccessHandler option. (The >> PythonAuthenHandler phase >> doesn't seem to fire unless apache is configured to use >> Authentication for a >> particular resource, which I guess makes sense.) >> >> I realise that there will be a performance hit for implementing >> this using >> mod_python but I figure I can manage that by optimising the >> structure of the >> site and ensuring that I only authenticate users for resources which >> actually need it. > > Please use reply-all and keep discussion on list. > > Have you looked at mod_auth_tkt? > > Not that it will help you right now, but Apache 2.4 will have a > mod_session module along with other modules to help implement SSO > across static files and dynamic applications using form based > authentication mechanisms with form provided by however you want to > provide and in format you want it. > > What mod_auth_tkt can achieve now is probably now much different. If > you have looked at it, why wasn't it suitable? > > Graham > >> Thanks >> >> Andy >> >> >> >> On 23 Jul 2009, at 12:06, Graham Dumpleton wrote: >> >>> 2009/7/23 Andrew Smith <andy at robotlovesyou.com>: >>>> >>>> Hello >>>> >>>> I have a couple of questions about the capabilities of mod_python >>>> vs >>>> mod_wsgi. >>>> >>>> My current (mis?)understanding is that mod_wsgi does not allow me >>>> to >>>> provide >>>> handlers for apache stages such as PostReadRequest or Authz in >>>> the same >>>> way >>>> that mod_python does, >>> >>> Correct. >>> >>>> though I understand that I can create a mod_wsgi Authentication >>>> provider. >>> >>> As well as custom group authorization mechanism. >>> >>>> So my questions are 1)Is my understanding of the situation correct >>> >>> Close enough. >>> >>>> and 2) Are there any future plans for mod_wsgi to allow >>>> developers to >>>> plug >>>> into the apache processing pipeline in the same way that >>>> mod_python does >>>> now? >>> >>> Undecided. >>> >>> Is interesting challenge, but a huge amount of effort for something >>> that would be used by a handful of people. >>> >>> From what I have seen people use various handler phases for, they >>> would in many cases be able to achieve the same thing using >>> mod_headers, mod_rewrite or other custom Apache modules, much more >>> easily and much more efficiently. Although Python makes writing >>> content handler nicer, the overhead of Python makes it a very poor >>> choice for other handler phases and input/output filters. >>> >>> My question therefore is, what are you trying to do and why do you >>> think that Python would be a good way of doing it? In what ways >>> don't >>> other Apache modules already do what you want, or allow you a >>> means of >>> doing it? >>> >>> Graham >> >>
|