Re: [cobalt-users] Password Authenticated Sites (Methods)

[Kris Dahl <krislists@xxxxxxxxxxxxx>]

> With the Cobalt RaQ3i, as it stands, without re-compiling apache or
> "breaking" anything, are there any better methods that can be employed?
> Perhaps via PostgreSql, MySql or DBM or something?

PostgreSql, MySql or DBM are all databases, not authentication systems.
Certainly they can be part of the authentication system.

I use PHP auth for a lot of our database stuff...  Basically I have a table
of users and password hashes in the MySQL database.  Additionally I have a
permissions table that descibes what resources each user/group has
permission to access.

Every page includes my auth.inc.php file.  It checks the PHP_AUTH_USER and
PHP_AUTH_PW to make sure they have permsissions to access the requested
resource.  If so, it lets them continue, if not it halts the script and
displays an error unauthorized message.

Obviously you would need to use PHP to do it this way... Also each page
needs to be a php page for it to work.  And obviously it won't work if all
you are serving is HTML pages.  For me its convienient because I get more
control and all our content is dynamic anyway.

> Can anyone advise? Perhaps someone has already done this without radically
> changing the RaQ or "invalidating the warrantee".

Well to do it my way, you'd need to install PHP which requires installing an
Apache module (and either upgrading Apache or recompiling apache).

But if you are just serving stardard .html files, htaccess will probably be
fine for you.

-k