
mod_auth_tkt

mod_auth_tkt is a lightweight cookie-based authentication module for Apache versions 1.3.x and 2.0.x (2.2.x is currently supported by the beta version). It implements a single sign-on framework that works across multiple Apache instances and multiple machines. mod_auth_tkt site

Implementation

This should actually work with anything that sets REMOTE_USER, or that offers some other unique way to detect the logged-in user.

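mod_auth_tkt sets the REMOTE_USER environment variable once a user is authenticated, so the implementation is very simple. I want users who are authenticated by mod_auth_tkt to be recognized by DokuWiki; wiki admin users (set in users.auth.php) should be recognized as well. Note: my DokuWiki is behind a proxy, so REMOTE_USER becomes HTTP_REMOTE_USER in my case; change it to REMOTE_USER based on your situation. Keep in mind that PHP fills every HTTP_* entry of $_SERVER from a request header, so HTTP_REMOTE_USER is only trustworthy when the proxy always overwrites or strips any Remote-User header sent by the client and the backend cannot be reached except through that proxy.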

I am mainly a Perl programmer. The code is mostly copied and pasted from the punbb, basic and plain auth classes, plus some of my own code. Please let me know if anything needs to be improved.

save the following code to inc/auth/mod_auth_tkt.class.php

<?php
/**
 * mod_auth_tkt auth backend
 *
 * Uses external Trust mechanism to check against mod_auth_tkt's
 * ENV variable. 
 *
 * @author    Qiang Li <qiangli at cpan.org>
 */
 
// Directory that contains this auth backend file.
define('DOKU_AUTH', __DIR__);

// Path of the user file the backend reads group memberships from.
// DOKU_CONF must already be defined by the including application.
define('AUTH_USERFILE', DOKU_CONF . 'users.auth.php');
 
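/**
 * Auth backend that trusts a user name asserted by the front-end web server
 * (mod_auth_tkt) instead of verifying a password itself.
 *
 * SECURITY: the name is read from $_SERVER['HTTP_REMOTE_USER']. PHP fills
 * every HTTP_* entry from a request header, so this value is attacker
 * controlled unless the reverse proxy in front of the wiki always overwrites
 * or strips a client-supplied Remote-User header and the backend cannot be
 * reached directly. When the wiki runs on the same Apache as mod_auth_tkt,
 * read $_SERVER['REMOTE_USER'] instead, which is set by the server itself.
 */
class auth_mod_auth_tkt extends auth_basic {

  /**
   * Constructor.
   *
   * Flags this backend as capable of external authentication.
   */
  function __construct(){
    $this->cando['external'] = true;
  }

  /**
   * PHP 4 style constructor.
   *
   * A method named after the class is no longer run as a constructor on
   * PHP 8, which would leave the 'external' capability unset. It is kept
   * only so that code calling it by name continues to work.
   */
  function auth_mod_auth_tkt(){
    $this->__construct();
  }

  /**
   * Log the visitor in under the user name supplied by the web server.
   *
   * No password is checked here: authentication has already been done by
   * mod_auth_tkt. An empty name and the name 'guest' are treated as "not
   * logged in".
   *
   * @param string $user   unused, the name comes from the server variable
   * @param string $pass   unused
   * @param bool   $sticky unused
   * @return bool true when a user was accepted and the globals were set
   */
  function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    global $conf;

    // NOTE(security): see the class comment - this value originates from a
    // request header and must be sanitised by the proxy before it gets here.
    $remote = isset($_SERVER['HTTP_REMOTE_USER']) ? (string) $_SERVER['HTTP_REMOTE_USER'] : '';

    // An empty header must not create a session for a nameless user.
    if($remote === '' || $remote === 'guest') return false;

    // okay we're logged in - set the globals
    $USERINFO['name'] = $remote;
    $USERINFO['pass'] = '';
    $USERINFO['mail'] = '';
    $USERINFO['grps'] = $this->_getUserGroups($remote);

    $_SERVER['REMOTE_USER'] = $remote;
    $_SESSION[$conf['title']]['auth']['user'] = $remote;
    $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
    return true;
  }

  /**
   * Look up the groups of a user in AUTH_USERFILE.
   *
   * Each non-comment line is split on ':' into at most five fields; field 0
   * is compared with the user name and field 4 is a comma separated group
   * list.
   *
   * @param string $user user name to look up
   * @return array group names, empty when the file is unreadable, the user
   *               is not listed or the line carries no group field
   */
  function _getUserGroups($user){
    if(!is_readable(AUTH_USERFILE)) return array();

    $lines = file(AUTH_USERFILE);
    if($lines === false) return array();

    foreach($lines as $line){
      $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments
      if($line === '') continue;

      // explode() replaces split(), which was removed in PHP 7
      $row = explode(':',$line,5);

      // Strict comparison: with == two numeric-looking names such as
      // "0123" and "123" compare equal and would share group memberships.
      if((string) $user !== $row[0]) continue;

      return isset($row[4]) ? explode(',',$row[4]) : array();
    }
    return array();
  }
}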
 
wiki/auth/mod_auth_tkt.txt · Last modified: 2007/12/07 00:21 by 130.63.54.69
 