[Nufw-users] mod_auth_nufw, an apache authentication module


From: Eric Leblond
Subject: [Nufw-users] mod_auth_nufw, an apache authentication module
Date: Wed, 23 Jun 2004 17:32:55 +0200

Hello everyone,

The NuFW core team and INL are proud to introduce to you mod_auth_nufw,
an SSO Apache authentication module using the NuFW authentication
framework.

NuFW 0.7.1, which was released last week, introduces an option that
makes it possible to build a real-time authenticated connection tracking
table: it's a sort of Conntrack table where each entry contains the IP
parameters of the connection, the identity of the user at the origin of
this connection, and the state of the connection. This table is stored
in an SQL database (both MySQL and PostgreSQL are supported).

As a server (like Apache) knows about the IP parameters of the
connections it receives, it can query the SQL database to find the
corresponding entry for each connection. Mod_auth_nufw performs this
exact task for Apache: it looks up the userID in the NuFW "conntrack"
and lets Apache know this user is now identified (and authenticated).
(The authorization task then lies with other Apache modules, and is just
the classical process.)

This gives the server the identity of the user who opened the
connection. So the authentication of the user by the server is done and
it's fully transparent to the user. Thus, this principle makes it
possible to build complete Single Sign On systems where the key is a
netfilter firewall using NuFW.

mod_auth_nufw is the first authentication module that uses the NuFW
authentication principle. It makes it possible to achieve Single Sign On
for a whole set of Apache servers.

mod_auth_nufw is available for download at:
        http://www.inl.fr/article.php3?id_article=24

Happy user filtering,
-- 
Eric Leblond <address@hidden>
INL
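
Added example, not part of the original message and not mod_auth_nufw's own code: a sketch of the lookup the announcement describes, matching a server-side connection against the authenticated conntrack table and denying when the match is missing, closed or ambiguous. The table name, column names, state values and sample rows are assumptions constructed for illustration, and SQLite stands in for MySQL/PostgreSQL.

```python
import sqlite3

# Hypothetical schema: the page only says each entry holds the connection's IP
# parameters, the originating user's identity and the connection state.
SCHEMA = """
CREATE TABLE conntrack (
    ip_saddr TEXT, sport INTEGER,
    ip_daddr TEXT, dport INTEGER,
    user_id  TEXT, state TEXT
)"""

# Constructed sample rows: two users behind the same source address, plus a
# closed connection whose source port could later be reused by someone else.
ROWS = [
    ("192.0.2.10", 40001, "198.51.100.5", 80, "alice", "ESTABLISHED"),
    ("192.0.2.10", 40002, "198.51.100.5", 80, "bob", "ESTABLISHED"),
    ("192.0.2.20", 51000, "198.51.100.5", 80, "carol", "CLOSED"),
]


def open_table():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO conntrack VALUES (?,?,?,?,?,?)", ROWS)
    return db


def lookup_user(db, saddr, sport, daddr, dport):
    """Return the user for a live connection, or None (fail closed)."""
    rows = db.execute(
        "SELECT DISTINCT user_id FROM conntrack "
        "WHERE ip_saddr=? AND sport=? AND ip_daddr=? AND dport=? "
        "AND state='ESTABLISHED'",
        (saddr, sport, daddr, dport),
    ).fetchall()
    # Zero rows: unknown connection. More than one user: ambiguous. Both deny.
    return rows[0][0] if len(rows) == 1 else None


def lookup_by_source_ip_only(db, saddr):
    """Weaker match shown for contrast: every user seen from that address."""
    rows = db.execute(
        "SELECT DISTINCT user_id FROM conntrack WHERE ip_saddr=? ORDER BY user_id",
        (saddr,),
    ).fetchall()
    return [r[0] for r in rows]
```

Matching on the source address alone returns both users on the shared host, which is why the lookup keys on the full set of connection parameters and on the connection state.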
