Greetings!
Please find attached mod_auth_cookie_mysql2-0.7.ebuild and
55_mod_auth_cookie_mysql2.conf for submission into portage.
With mod_auth_cookie_mysql2 you can authorize your users with cookies. An
external script sets the cookie and this module checks it against a MySQL
database. The username/password combination is only one time transferred to the
webserver when the external authenticator script (which sets the cookie) checks
the user data. The generated cookie consists only of random session data. So
you can, for example, authenticate the user and set the cookie in a ssl
connection and then use the cookie in a non-ssl environment and nobody can spy
the username/password. Since the cookie is only random session data nobody can
"hack" the system by manipulating the cookie values. Additionally you can add
checks for session expiry and the correct remote ip on the server side.
I suggest placing this ebuild in www-apache since it's an Apache module.
This package depends on MySQL and Apache2
The ebuild was added to CVS as www-apache/mod_auth_cookie_mysql2, it should
show up on the rsync mirrors in a few hours.
I cleaned the ebuild up a bit by deleting the src_install part, as it's not
needed (config files get chmod 0644 by default if you do nothing), and added
apache-pkg_postinst to pkg_postinst() so that it outputs also the other, normal
warnings and messages.
The config file also needed the directives to be wrapped inside a <Directory
""></Directory> block, which I did, commented out and added a comment about how
it's needed for it to work and how to use it.
Thanks for the ebuild and config!
Best regards, CHTEKK.
