Troy Benjegerdes hozer at
Tue May 24 09:03:14 PDT 2005

On Tue, May 24, 2005 at 04:50:21PM +0100, Martin Atkins wrote:
> Brad Fitzpatrick wrote:
> >Here's Net::OpenID::Server ....
> >
> >
> >
> >It's really flexible.  If you find a way it's not I'd be both shocked and
> >happy to fix it.
> >
> >Somebody should write a cgi script that uses this now. :)
> >
> I was going to write today a simple single-user ID Server CGI script 
> using this which can just be dropped in and given a single username and 
> password it will authorize. The target audience for this is someone who 
> just wants to run his own ID server for himself alone on his 
> otherwise-static website.
> I have been halted by the quandry of how to handle the auth step. My 
> first thought was to keep it simple and use HTTP auth, but digest auth 
> in a CGI script isn't easy because of the need to retain the pending 
> nonces. In general, maintaining any kind of state across requests is a 
> royal pain in a CGI script.

Can you use apache HTTP Auth and look at the $REMOTE_USER variable?

If it's comeing in from a remote website, the http auth will fail, and
fall back to no authorization.. 

What about a CGI script and daemon that runs to keep the nonce data? For
anything less than 100 or so users, would flat files work out?

More information about the yadis mailing list