durusmail: quixote-users: [OT] authenticating reverse proxy
2005-04-08
Bud P. Bruegger
The following is probably off topic, but I hope someone on the list has
some good ideas on how to handle a problem I'm facing.

I would like to protect multiple application servers of different
technology (but including quixote with various httpds) behind a reverse
proxy that centrally manages authentication (in a complex scenario with
several different kinds of smartcards as well as Basic Auth) and access
control.  The reverse proxy is simply Apache 2.0 running mod-rewrite and
mod-ssl.

My problem is that I would like to find a way for authentication
information to propagate from the reverse proxy to the application
servers.  Ideally, an application should see the same as it would with HTTP
Basic Authentication to keep it all as standard as possible.  Also, it
would be nice to reduce as much as possible modifications to the
application server's http daemons.  That way, it would be easier to support
a wide range of technologies (medusa, twisted, apache, ... for quixote..).

In some experiments with Apache 2.0, I tried the RequestHeader directive of
mod-headers.  While it should work, I haven't managed to use the env.
variable REMOTE_USER as value yet.  But this could be a valid mechanism to
propagate data from the proxy to the app server.  I haven't tried yet
whether mod-headers can be used to set REMOTE_USER or whether a specialized
handler is needed for this.

Many thanks in advance for any direction, ideas, and (obviously) solutions.

cheers
-bud


--------------------------------------------------------------------------------
Ing. Bud P. Bruegger, Ph.D.                 +39-0564-488577 (voice),  -21139 (fax)
Servizio Elaborazione Dati                  e-mail:  bud@comune.grosseto.it
Comune di Grosseto                          http://www.comune.grosseto.it/cie/
Via Ginori, 43                              http://OpenPortalGuard.sf.net
58100 Grosseto (Tuscany, Italy)             jabber:  bud@amessage.info

Free Software in Public Administration:  not just a good idea, but a necessity

Perfection is attained, not when there is nothing more to be added, but
when there is nothing more to be taken away -- Antoine de Saint-Exupery
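
Added example, not part of the original post and not quixote code: a backend-side sketch of the header-propagation idea above, written as WSGI middleware so the application sees REMOTE_USER as it would with Basic Auth. The header name X-Remote-User, the proxy address and the user-name pattern are assumptions, and the application server is assumed to speak WSGI.

```python
import ipaddress
import re

# Assumptions for this sketch, not values from the post:
IDENTITY_KEY = "HTTP_X_REMOTE_USER"  # WSGI key for a hypothetical X-Remote-User header
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # constructed proxy address
USER_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")  # no commas, spaces or control chars


def from_trusted_proxy(environ):
    """True only when the TCP peer is the reverse proxy itself."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class ProxyIdentityMiddleware:
    """Expose the proxy-asserted user as REMOTE_USER, as Basic Auth would."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Always take the header out so the application never reads it raw.
        asserted = environ.pop(IDENTITY_KEY, None)
        environ.pop("REMOTE_USER", None)
        if not from_trusted_proxy(environ):
            # The connection bypassed the proxy, so the header proves nothing.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct access refused\n"]
        # A value such as "mallory, bud" means a client-supplied header was
        # merged with the proxy's own; fullmatch rejects it.
        if asserted is not None and USER_RE.fullmatch(asserted):
            environ["REMOTE_USER"] = asserted
        return self.app(environ, start_response)


def whoami_app(environ, start_response):
    """Constructed demo application: reports the user it was given."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("REMOTE_USER", "anonymous").encode()]


def run(environ):
    """Drive the wrapped demo app once and return (status, body)."""
    seen = []
    app = ProxyIdentityMiddleware(whoami_app)
    return b"".join(app(dict(environ), lambda s, h: seen.append(s))), seen[0]
```

The proxy side has to overwrite the header on every request rather than append to it, and the backend should accept connections only from the proxy; the address check here is a second line of defence, not a substitute for that.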

