[Cubicweb] Apache authentication: which CubicWeb API?
Dimitri Papadopoulos Orfanos
dimitri.papadopoulos at cea.fr
Sat Oct 5 14:27:56 CEST 2013
Dear list members,
We had already discussed authentication options for an Apache front-end.
I still have a few questions concerning this specific context:
* accounts will be managed within CubicWeb,
* Apache will authenticate against the CubicWeb accounts.
Logilab had suggested Apache should bypass the CubicWeb layer and access
directly the PostgreSQL layer, querying "cw_login" and "cw_upassword"
from the "cw_cwuser" table.
Our sysadmins would rather use the CubicWeb layer. Among the benefits of
this solution, a later migration of CubicWeb accounts to LDAP would not
How to access the CubicWeb layer from an Apache front-end running on the
same server as the CubicWeb repository?
* I have a working prototype of a Python Apache module (see code below)
that acesses the repository through ZMQ. See code below.
* Spawning a "cubicweb-ctl shell" command from the Apache authentication
module doesn't look like a clean/robust solution.
* Is there another way to ask CubicWeb to test an identifier/password
pair? If it helps, remember we are on the same server as the CubicWeb
from mod_python import apache
from cubicweb import dbapi
from cubicweb import AuthenticationError
pw = req.get_basic_auth_pw()
user = req.user
database = 'zmqpickle-tcp://localhost:8181'
dbapi.connect(database, login=user, password=pw)
91191 Gif-sur-Yvette cedex, France
More information about the Cubicweb