Apache-AuthzNIS
view release on metacpan or search on metacpan
AuthzNIS.pm view on Meta::CPAN
The module calls B<Net::NIS::yp_match> using each of the B<require group>
elements as keys to the the B<group.byname> map, until a match with the
(already authenticated) B<user> is found.
For completeness, the module also handles B<require user> and B<require
valid-user> directives.
= head2 Apache::AuthenNIS vs. Apache::AuthzNIS
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenNIS with the B<require user> and B<require valid-user>
directives. In the NIS context I consider B<require group> to be an
"authorization" concern. I.e., Group authorization consists of
establishing whether the already authenticated user is a member of one of
the indicated groups in the B<require group> directive. This process may
be handled by B<Apache::AuthzNIS>.
I welcome any feedback on this module, esp. code improvements, given
that it was written hastily, to say the least.
require group elements as keys to the the group.byname map,
until a match with the (already authenticated) user is
found.
For completeness, the module also handles require user and
require valid-user directives.
Apache::AuthenNIS vs. Apache::AuthzNIS
I've taken "authentication" to be meaningful only in terms
of a user and password combination, not group membership.
This means that you can use Apache::AuthenNIS with the
require user and require valid-user directives. In the NIS
context I consider require group to be an "authorization"
concern. I.e., Group authorization consists of establishing
whether the already authenticated user is a member of one of
the indicated groups in the require group directive. This
process may be handled by Apache::AuthzNIS.
I welcome any feedback on this module, esp. code
improvements, given that it was written hastily, to say the
( run in 0.426 second using v1.01-cache-2.11-cpan-49f99fa48dc )