- To: SLUG <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] safe(ish) single-login from website
- From: Gavin Carr <gavin@xxxxxxxxxxxxxxxxx>
- Date: Tue, 15 Feb 2005 23:13:53 +1100
- Organisation: Open Fusion
- User-agent: Mutt/1.4.1i
On Tue, Feb 15, 2005 at 04:41:23PM +1100, Taryn East wrote:
> the issue is that our business allows some of our website to be viewable
> through the website of some of our "channel partners". These channel
> partners have a login to our website to allow them to do this.
>
> However, the channel partners have customers that only have a login to
> the channel-partner websites... and the channel partners don't want to
> directly give them the login to our site, but do want the pages
> displayed (generally using yucky frames... but hey).
>
> ok, now they apparently used to do this by having a url with the
> username/password in it (ie using "basic" http authentication with the
> login details as parameters).

Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/

mod_auth_tkt is a drop-in replacement for basic authentication that
uses MD5 tickets to authenticate users. Tickets are usually provided
via cookies, but in your case it's probably easier to provide them via
your url (like you were doing for username/password before). (This is
better because your referring site is going to be on a different domain
than yours, which can screw cookies up.)

So in your context you could, for instance:

- modify the standard mod_auth_tkt login CGI to return the ticket it
  produces for valid users as text output, rather than setting a cookie with it

- get your channel partners to login via that CGI periodically and save
  the ticket to a text file e.g.

    wget -O ticket 'https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar'

- get your channel partners to include that ticket on the initial referral
  to your site in the url e.g.

    http://www.taryn.com/partners/index.html?auth_tkt=ticketgoeshere

Easy! ;-)

Cheers,
Gavin
--
Open Fusion P/L - Open Source Business Solutions [ Linux - Perl - Apache ]
ph: +612 9875 5032 fax: +612 9875 4317
web: http://www.openfusion.com.au mob: +61 403 171712
- Fashion is a variable, but style is a constant - Programming Perl
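
The ticket flow described in the message above, as an added example that is not part of the original post and is not mod_auth_tkt's own code. The double-MD5 field layout, the secret, the two-hour timeout and the function names are assumptions made for illustration; only the referral URL comes from the message.

```python
import hashlib
import hmac
import re
import socket
import struct
import time
from urllib.parse import quote

SECRET = b"constructed-secret"  # assumption: known only to the ticket-issuing site
TIMEOUT = 2 * 60 * 60           # assumption: tickets expire after two hours
ANY_IP = "0.0.0.0"              # ticket not bound to an IP: the end customer's
                                # browser, not the partner's server, presents it
TICKET_RE = re.compile(r"([0-9a-f]{32})([0-9a-f]{8})([^!]+)!(.*)", re.S)


def _digest(secret, ip, ts, uid, user_data=""):
    # Assumed layout: MD5 over packed IP + timestamp + secret + fields,
    # then a second MD5 over that hex digest + secret.
    raw = (socket.inet_aton(ip) + struct.pack("!I", ts) + secret
           + uid.encode() + b"\0" + user_data.encode())
    inner = hashlib.md5(raw).hexdigest().encode()
    return hashlib.md5(inner + secret).hexdigest()


def issue_ticket(uid, ip=ANY_IP, now=None, secret=SECRET):
    """What the modified login CGI would return as text after a valid login."""
    ts = int(time.time() if now is None else now)
    return "%s%08x%s!" % (_digest(secret, ip, ts, uid), ts, uid)


def verify_ticket(ticket, ip=ANY_IP, now=None, secret=SECRET):
    """Return the uid for a valid, unexpired ticket, otherwise None."""
    m = TICKET_RE.fullmatch(ticket)
    if m is None:
        return None
    digest, ts_hex, uid, user_data = m.groups()
    ts = int(ts_hex, 16)
    now = int(time.time() if now is None else now)
    if not 0 <= now - ts <= TIMEOUT:
        return None  # expired or issued in the future
    expected = _digest(secret, ip, ts, uid, user_data)
    return uid if hmac.compare_digest(digest, expected) else None


def referral_url(ticket):
    """URL a channel partner embeds; the ticket is percent-encoded."""
    return ("http://www.taryn.com/partners/index.html?auth_tkt="
            + quote(ticket, safe=""))
```

Unlike the username/password URL, a ticket that leaks through a Referer header or proxy log stops working once TIMEOUT has passed and never discloses the partner's password.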