Feature #426

mod_auth_tkt for lighttpd

Added by Anonymous over 11 years ago. Updated 12 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:


I've been looking for a single-signon method that would work with lighttpd. mod_auth_tkt ( is the latest version of a single-signon framework for apache. The ticket creation step can be done by any CGI script (accessing user information in some repository), and the runtime ticket validation (authentication) is performed by the mod_auth_tkt apache module. The ticket can also carry token strings to authorize access to particular resources. Since ticket validation performs calculations (MD5 hashing and string comparisons) rather than file or database access, it would be lightweight.

Is there any interest or activity to provide something like this for lighty? I've been migrating sites from apache to lighttpd, but would need support for mod_auth_tkt or something similar to move others. Using a ticket for authentication and authorization is an appealing idea: no more htpasswd or .htaccess files, and no repository queries from the web server authentication module.

-- bill

mod_auth_tkt.tar.gz (14 KB) mod_auth_tkt.tar.gz Initial version of mod_auth_tkt for lighttpd griph, 2007-12-24 20:22
mod_auth_tkt-0.2.0.tar.gz (14 KB) mod_auth_tkt-0.2.0.tar.gz Corrected installation procedure griph, 2007-12-25 19:14


#1 Updated by Anonymous almost 11 years ago

Replying to :

Is there any interest or activity to provide something like this for lighty?

I'm porting mod_auth_tkt to lighttpd. For now my port correctly checks tickets, renews them and does redirects. Features that are not ported yet include setting and parsing 'back' links, handling guest users and sending tickets as query between web-servers.

-- griph

#2 Updated by tai about 7 years ago

  • Target version set to 1.5.0

I noticed this ticket while looking into mod_auth_tkt for Apache.

While not compatible in data format, "mod_auth_cookie for lighttpd" which I wrote
about a month ago has almost same feature as mod_auth_tkt. It works with 1.5.x, so
anyone who is in need for single sign-on might want to try it.

URL is .

#3 Updated by gstrauss about 1 year ago

  • Assignee deleted (jan)

#4 Updated by gstrauss about 1 year ago

  • Target version deleted (1.5.0)

#5 Updated by gstrauss 12 months ago

  • Description updated (diff)

4b3a91e6 creates an extensible interface for auth backends, so this patch might now be written to integrate with mod_auth, and a custom error page (see server.error-handler config directive) intercept 401 Unauthorized responses to redirect to login page

Also available in: Atom