Feature #426
Updated by gstrauss over 8 years ago
I've been looking for a single-signon method that would work with lighttpd. _mod_auth_tkt_ (http://www.openfusion.com.au/labs/mod_auth_tkt/) is the latest version of a single-signon framework for apache. The ticket creation step can be done by any CGI script (accessing user information in some repository), and the runtime ticket validation (authentication) is performed by the mod_auth_tkt apache module. The ticket can also carry _token_ strings to authorize access to particular resources. Since ticket validation performs calculations (MD5 hashing and string comparisons) rather than file or database access, it would be lightweight. Is there any interest or activity to provide something like this for lighty? I've been migrating sites from apache to lighttpd, but would need support for mod_auth_tkt or something similar to move others. Using a _ticket_ for authentication and authorization is an appealing idea: no more htpasswd or .htaccess files, and no repository queries from the web server authentication module. -- bill