DACS can extend the capabilities of an
Apache 2.4 web server in two separate ways:
- Enhanced Authentication
By leveraging your existing authentication systems or using its own methods,
DACS can provide a universal,
extensible authentication capability that can replace several Apache modules.
The resulting identities are represented externally within secure
and within Apache and invoked CGI programs through the
REMOTE_USER environment variable.
Industry-standard RFC 2617 Basic and Digest authentication is
implemented directly by DACS.
With "Basic auth", the familiar username/password prompting interaction
with a browser can be configured with any
DACS password-based authentication module.
For example, a user trying to access a
DACS-wrapped resource can be required to
first answer his browser's pop-up window's prompt for a username and password;
the username and password will then be validated by
DACS whichever method has been configured:
NTLM, LDAP, CAS, Unix, and so on.
If authentication is successful,
an authorization check of the user's identity against
the requested resource can be performed automatically.
- Enhanced Access Control
A web site administrator can "DACS-wrap"
portions of a site's URL space by crafting powerful access control rules.
Only if permitted by the rule governing a particular web page, file, program,
or other web resource served by Apache will access be granted.
Access control processing is independent of the resource being
protected by DACS and transparent to the
Rules consist of C-like expressions that can examine a request's arguments
and other context associated with the request.
For example, a rule can restrict access depending on the IP address or
domain name from which the request comes, the value of any variable provided by
Apache, DACS configuration variables,
the current time or date, the identity or method of authentication
of the user making the request, and much more.
The authentication procedure can assign roles to users and an administrator
can define groups of users; access control rules can test for role and
group membership when determining whether access should be granted or denied.
© Copyright 2003-2019 DSS Distributed Systems Software, Inc.
All rights reserved.