Mark Leighton Fisher


Apache::AuthenProgram - mod_perl external program authentication module


    <Directory /foo/bar>
    # This is the standard authentication stuff
    AuthName "Foo Bar Authentication"
    AuthType Basic

    # Variables you need to set
    PerlSetVar AuthenProgram         /usr/local/Samba-2.2.3a/bin/smbclient
    PerlSetVar AuthenProgramSuccess  "OK: SMB login succeeded"

    # other variables needed by AuthenProgram (up to 9 supported)
    PerlSetVar AuthenProgramArg1     thompdc4
    PerlSetVar AuthenProgramArg2     netlogon

    PerlAuthenHandler Apache::AuthenProgram

    # Standard require stuff, only user and 
    # valid-user work currently
    require valid-user

    These directives can be used in a .htaccess file as well.

    If you wish to use your own PerlAuthzHandler then the require 
    directive should follow whatever handler you use.


This mod_perl module provides a reasonably general mechanism to perform username/password authentication in Apache by calling an external program. Authentication by an external program is useful when a program can perform an authentication not supported by any Apache modules (for example, cross-domain authentication is not supported by Apache::NTLM or Apache::AuthenSmb, but is supported by Samba's smbclient program).

You must define the program pathname AuthenProgram and the standard output success string AuthenProgramSuccess. The first two arguments to the program are the username and either the password or a temporary file with the password, depending on whether AuthenProgramPassword has the value "File". "File" forces sending the password to AuthenProgram through a temporary file to avoid placing passwords on the command line where they can be seen by ps(1).

Additional program arguments can be passed in the variables AuthenProgramArg1, AuthenProgramArg2, etc. Up to 9 of these variables are supported.

The examples/ subdirectory has sample programs for doing Samba-based SMB authentication (examples/smblogon), Oracle authentication (examples/oralogon), and a simple example (examples/filelogon) that demonstrates communicating the password through a temporary file.

If you are using this module please let me know, I'm curious how many people there are that need this type of functionality.

This module was adapted from Apache::AuthenSmb.


Mark Leighton Fisher <>


Copyright (c) 2002 Mark Leighton Fisher, Thomson multimedia Inc.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.