Authentication plugins/front end

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Authentication plugins/front end

@lbutlr
I'm not sure exactly what I am looking for, so not sure exactly what to search for.

Basically, I would like to add authentication to web applications or sites that have no support for authentication, and I wonder if there is some sort of plugin for apache that I can use that sits between the outside and the web pages that handles authentication better than the simple httpauth? Perhaps even with support for such "advanced" features as password reset or OAuth?

In most cases I do not want to touch the code for the actual webapp/site beyond maybe changes to .htaccess that would not interfere with the settings already in htaccess.

This must be something people have already done.



--
Did they get you to trade your heroes for ghosts? Hot ashes for
        trees? Hot air for a cool breeze? Cold comfort for change?



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Authentication plugins/front end

Yehuda Katz
We use mod_auth_cas. We wrote our own cas server, but there are some off the shelf options including with support for MFA, password reset, and lots more. There is also mod_auth_tkt, but I haven't used it.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Sat, Jun 6, 2020, 10:12 PM @lbutlr <[hidden email]> wrote:
I'm not sure exactly what I am looking for, so not sure exactly what to search for.

Basically, I would like to add authentication to web applications or sites that have no support for authentication, and I wonder if there is some sort of plugin for apache that I can use that sits between the outside and the web pages that handles authentication better than the simple httpauth? Perhaps even with support for such "advanced" features as password reset or OAuth?

In most cases I do not want to touch the code for the actual webapp/site beyond maybe changes to .htaccess that would not interfere with the settings already in htaccess.

This must be something people have already done.



--
Did they get you to trade your heroes for ghosts? Hot ashes for
        trees? Hot air for a cool breeze? Cold comfort for change?



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]