(Add tracker bug) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 19: | Line 19: | ||
* Targeted release: [[Releases/21 | Fedora 21 ]] | * Targeted release: [[Releases/21 | Fedora 21 ]] | ||
* Last updated: 2014-04-08 | * Last updated: 2014-04-08 | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1104678 #1104678] | ||
== Detailed Description == | == Detailed Description == | ||
Line 37: | Line 37: | ||
== Scope == | == Scope == | ||
* Proposal owners: Three new packages (Apache modules) and rebase of sssd. | |||
Three new packages (Apache modules) and rebase of sssd. | |||
* Other developers: N/A (not a System Wide Change) | * Other developers: N/A (not a System Wide Change) | ||
Line 82: | Line 79: | ||
--> | --> | ||
[[Category: | [[Category:ChangeAcceptedF21]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> |
Latest revision as of 13:51, 4 June 2014
Web Application Authentication
Summary
On operating system level, there are numerous authentication and identity lookup mechanisms, some of them using sssd. With new Apache modules and new sssd, some of those mechanisms become more easily consumable by web applications. Various web application environments and frameworks can then consume results of the authentication and information retrieval using environment variables similar to REMOTE_USER.
Owner
- Name: Jan Pazdziora
- Name: Jakub Hrozek
- Email: jpazdziora@redhat.com
- Release notes owner:
Current status
Detailed Description
With mod_authnz_pam, PAM authentication and access checks are available to web applications, allowing wider combination of authentication and access controls. One specific target is host-based access control rules of FreeIPA for Kerberos SSO via pam_sss and sssd.
The mod_intercept_form_submit module makes it possible to enable the PAM authentication of mod_authnz_pam on normal logon form handling paths, which can then be consumed by web application with fairly minimal changes.
The mod_lookup_identity uses sssd-dbus to retrieve additional attributes like name, email address, or group membership, and populates environment variables for easy consumption of this information by web applications.
The sssd-dbus implements new service ifp which provides access to additional user-related pieces of information.
Benefit to Fedora
- Better integration in large / enterprise deployments.
Scope
- Proposal owners: Three new packages (Apache modules) and rebase of sssd.
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
N/A (not a System Wide Change)
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change)
- Blocks product? None.
Documentation
http://www.freeipa.org/page/Web_App_Authentication