hozer at hozed.org
Tue May 24 09:03:14 PDT 2005
On Tue, May 24, 2005 at 04:50:21PM +0100, Martin Atkins wrote:
> Brad Fitzpatrick wrote:
> >Here's Net::OpenID::Server ....
> > http://www.danga.com/dist/misc/Net-OpenID-Server-0.01.tar.gz
> >It's really flexible. If you find a way it's not I'd be both shocked and
> >happy to fix it.
> >Somebody should write a cgi script that uses this now. :)
> I was going to write today a simple single-user ID Server CGI script
> using this which can just be dropped in and given a single username and
> password it will authorize. The target audience for this is someone who
> just wants to run his own ID server for himself alone on his
> otherwise-static website.
> I have been halted by the quandry of how to handle the auth step. My
> first thought was to keep it simple and use HTTP auth, but digest auth
> in a CGI script isn't easy because of the need to retain the pending
> nonces. In general, maintaining any kind of state across requests is a
> royal pain in a CGI script.
Can you use apache HTTP Auth and look at the $REMOTE_USER variable?
If it's comeing in from a remote website, the http auth will fail, and
fall back to no authorization..
What about a CGI script and daemon that runs to keep the nonce data? For
anything less than 100 or so users, would flat files work out?
More information about the yadis