[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A new realm concept


I played a bit with the realm and HTTP-authentication things and
think now it's time to publish the results to initiate a discussion:

Basic authentication with Authenticate handler/BasicAuthClass
(Configured in Config.Pi3 if you define realms with the admin-dialog)

The limitation is that a realm could have many users, but a user
couldn't have many realms. So a webmaster must define a user, who's
member of more than one realm twice or more and when the user wants
to change his password the same work again.

A 2nd point is you cannot maintain users (i.e. from CGI scripts) during
the server is up and running i.e. for member areas.

Authentication with Pi3Perl
(using auth.pl example from the Pi3Perl package)

Now you have password files and you could maintain them with CGI if
you like, but Pi3Perl isn't thread safe at this time so you cannot have
more than one handler for authentication realm in your configuration.

I modified auth.pl slightly and changed the structure of the password

Old	user1 password1
	user2 password2
	userN passwordN

New	user1 password1 realm1,realm2,..,realmN
	user2 password2 realm1,realm2,..,realmN
	userN passwordN realm1,realm2,..,realmN

Now I've a file based account administration and one user could be a
member of more than one realm at the same time - maintained with only
one entry.
Before I start to make a CGI-based surface for it (add new/change/delete
users) I wanna ask you for suggestions or hints.
My basic idea for it is to make the administration with 2 operation modes -
"user" and (optional) "admin".
Any comments are welcome.
with regards

Holger 'Zimpel' Zimmermann    Contact me:
Wendishain                    tel./fax company: on demand
Germany                       tel./fax private: on demand
homepage: http://home.t-online.de/home/zimpel/
web server: surf to it from my homepage (online every
            Sunday 20:00-24:00 GMT, start shifted again)
e-Mail:     zimpel@t-online.de