Remote
User Authentication in Libraries
Libproxy
"Libproxy is a simple rewriting
pass-through proxy system designed especially for libraries." Written by
Richard L. Goerwitz III. Also includes an overview of other available
remote authentication methods.
Vital
Connections: Remote Users and Licensed Resources
Powerpoint slides from a presentation
by Leslie Diaz and Steve Hunt at the California Library Association Annual
Conference, Nov 5, 2001, Long Beach, Calif.
RUAL
Presentations by Linda Winters,
Leslie Diaz and Steve Hunt at a CCL/CLA-Academic Section sponsored workshop,
held Friday, March 9, 2001 at Santa Ana College; Friday, March 16
at Laney College.
Are
You Who You Say You Are?
Network Access Management in California
Community College Libraries. Prepared for the Glendale Community College
Library by Nancy Hunt-Coffey. Also available in PDF
APLA
- remote access
Authenticating off-campus users
to provide access to licensed databases. APLA conference session - June
2, 2001, Charlottetown, Prince Edward Island.
eLib
Authentication Concertation Day
Presentations from a concertation
day looking at issues surrounding authentication. The eLib Authentication
Concertation day took place at SOAS in London on 10th March, 1999. The
Electronic Libraries Programme (eLib) is funded by the Joint Information
Systems Committee (JISC)
Authenticated
Off-Net Access to Commercial Library Resources
By Mark Sheehan and Allen Porter.
This article was published in CAUSE/EFFECT journal, Volume 22 Number 2
1999.
Management
of Access to Networked Information Resources (User Authentication)
Proposal by Council of Australian
University Libraries and Council of Australian University Libraries. The
aim of the proposal is to provide a common means of authentication and
authorisation to provide researchers with single signon access to a range
of networked information resources, independent of the researcher's location
and means of access to the network.
Proxy Web
Servers in Libraries
Slides from presentations at LITA
Regional Institutes, results from a survey of web proxy servers in libraries,
and a solutions page, all by Peter Murray, Computer Services Librarian,
University of Connecticut School of Law.
Referral
URLs for Patron Access to Premium Databases
Discussion of use of scripts for
login and use of referral URLs as well as information on the approaches
favored by several database vendors.
Using
Proxy Servers - Presentation to Spring 1999 CNI Meeting
Using Proxy Servers to Provide Authenticated
Access to Web Resources. By Jonathan Esterhazy, University of Manitoba
Libraries. See also his proxy-paper.pdf
CGI
Scripts for Access to Commercial Web Servers
Remote access authorization for
commercial databases requiring IP validation and username/password validation
-- Lynx URL rewriter in use at Texas Christian University, by Kerry Bouchard.
Authorization/Authentication
for Patron Remote Access to Electronic Resources
Powerpoint presentation and links
to code and examples. Presented at DRA Users' Conference, March 2000, by
Kerry Bouchard.
Providing
Access to Licensed Databases for Remote Library Users
How Dan Lester does things right
at Boise State University.
Implementing
a National Access Management System for Electronic Services
Article from D-Lib Magazine,
March 1998 by Norman Wiseman, University of Nottingham.
The
Complexity of Accessing Electronic Licensed Resources Using the WWW
Prepared by Linda Suk-Ling Murphy,
Health Sciences & Electronic Resources Librarian, University of California-Irvine,
Medical Center Library.
WebRelay:
A Multithreaded HTTP Relay Server
A relay server that can ensure session
control for the basically stateless HTTP protocol and establish connections
with a designated remote database web server on behalf of library patrons,
with authentication. Code available on request from the author, Peter Zhang
of the University of Calgary.
PRIDE
project fact sheet
People & Resources Identification
for Distributed Environments (PRIDE) will develop a broker service to support
the identification and delivery of information services over the Global
Information Infrastructure (GII). The resulting PRIDE directory service
will support authorisation, registration and cost recovery, plus integration
with other interfaces to library services which are essential in networked
service scenarios. A project of the Telematics for Libraries Programme
of the European Commission.
Authentication
Issues for the Library Information Environment: Background and Technologies
A Powerpoint presentation, Vanderbilt
University, July, 1998.
User
Authentication and Authorization on the Web
Presentation from a Canadian Library
Association Preconference workshop, June 1998
CWRUnet
Web Proxy Services Overview
Case Western Reserve University
Library presentation at the Innovative User's Group; 2-5 May 1998, by Peter
Murray, Library Systems Manager. Includes Perl scripts.
Access
‘98 Authentication & Security
Slides from a presentation at Access
'98, Oct. 2-4, 1998, Saskatoon, Saskatchewan, by George Machovec, Technical
Director, Colorado Association of Research Libraries. Also available
as a PPT
file.
FirstSearch
in Your Nighty
Discussion of authentication tools
from the Internet Librarian column in American Libraries, by Karen G. Schneider.
VEL
Security/Authentication Issues
Security/Authentication Issues in
the CIC Virtual Electronic Library. Outlines the major network security
and authentication issues related to the CIC Virtual Electronic Library.
CIC is the academic consortium of the Big Ten universities and the
University of Chicago.
User
Authentication and Authorization in a Networked Library Environment
By George Machovec, Technical Coordinator,
Colorado Alliance of Research Libraries, November 1997.
TOLIMAC research
project
The aim of the TOLIMAC project was
to develop a smartcard-based system for controlling access and managing
payment of electronic information products and networked services in a
library environment. Final Report of the TOLIMAC project (Total Library
Management Concept) which was funded under the Fourth Framework programme
Telematics for Libraries of the Commission of the European Communities
DGXIII. The project started on 16 October 1996 and ended on 15 June 1999.
CANDLE
Controlled Access to Network Digital Libraries in Europe
"The CANDLE Project will develop
an access management system for electronic journals to be used in libraries.
Features of the system will be: 1. Role based access control 2. Single
sign on 3. Subscription management 4. Detailed usage statistics"
Report
on Research into Strategies for Implementation of Seamless Access for Saskatchewan
Public Libraries
Prepared by Darlene Fichter, Northern
Lights Internet Solutions Ltd. January 21, 1999.
A
Collection of Resources on Authentication
By Tom Klinger at Kent State University.
Internet
Resources: Authentication
Catalogue of internet resources
on authentication from
BUBL Link
Authentication
& Authorization: a guide
Includes a resource directory, links
to twelve key studies, information on projects and initiatives and archived
discussions of the
authentication mailing list. The site is
maintained by Andrew Cox, researcher on the JTAP funded (627) Candle -
Athens Integration Project.
Digital
Library Authentication and Authorization Architecture
"Under DLF auspices, the California
Digital Library, Columbia University, JSTOR, and OCLC have developed a
protocol that enables an information resource provider to verify that a
user bearing a digital certificate has authority from a home institution
to use a requested resource. The prototype system developed combines the
use of X.509 digital certificates for authentication with a directory service
providing authorization to licensed resources based on user attributes."
See also this.
Authentication:
Progress in the UK
"A sound authentication system is
recognised to be a fundamental requirement of a distributed electronic
resource, and development of a suitable system is a high priority in the
UK. This paper describes the JISC’s activities in the authentication field"
Authentication:
Progress in the US
"The growth in online services is
increasing the demand for authentication systems to manage access and improve
security for network users and network service providers. The paper provides
an overview of issues which are currently arising in the United States
in the area of authentication."
Security,
Authentication, and Authorization: Bibliography
Bibliography with links, compiled
by Keith Powell and Wayne Jones, from a presentation at the American Library
Association, Annual Conference, New Orleans, LA, June 27, 1999.
Remote
Access & Authentication
Slides from a presentation by Wally
Grotophorst, George Mason University, Dec. 9, 1997.
Implementing
policies for access management
By William Yeo Arms, Corporation
for National Research Initiatives, Reston, Virginia. An article from
D-Lib Magazine, February 1998.
Pass-Through
Proxying as a Solution to the Off-Site Web-Access Problem
This report outlines a simple solution
to the universal academic problem of off-campus access to on-campus (IP
restricted) Web-based resources. This solution costs little; requires
no special client software; works with a variety of authentication methods;
allows fine-grained control over what services can be accessed; and offers
both reasonable security and speed. By Richard Goerwitz, Brown University
Scholarly Technology Group, Providence, Rhode Island. Earlier versions
of this paper can be found
here
and here.
Safeguarding
Digital Library Contents and Users Assuring Convenient Security and Data
Quality
By H. M. Gladney and J. B. Lotspiech,
IBM Almaden Research Center, San Jose, California. An article from
D-Lib Magazine, May 1999.
User
Authentication at Public Internet Terminals: Who Is Doing It?
A non-scientific email survey performed
by Eric Schnell (schnell.9@osu.edu) Last Updated: Friday September 04 1998.
LITA
SSSIG MIDWINTER 1999
Got Milk? Got Cookies? Got Authentication?
Two presentations discussing the use of cookies and tokens for authentication.
Access
Management of Web-based Services An Incremental Approach to Cross-organizational
Authentication and Authorization
By Ariel Glenn and David Millman,
Columbia University, New York, New York. An article from D-Lib Magazine,
Sept. 1998.
Remote
Authentication and Authorization for JSTOR
By Ira H. Fuchs, Chief Scientist,
JSTOR, Vice President for Computing and Information Technology, Princeton
University, September 3, 1998. See also JSTOR
Remote Authentication
Libweb
Library WWW Servers
Libweb currently lists over 5500
pages from libraries in over 100 countries. Maintained by Thomas Dowling.
Useful for seeing how other libraries
have presented remote access authentication and resources to their users.
LibDex - the Library
Index
Libdex is a worldwide directory
of library homepages, web-based OPACs, Friends of the
Library pages, and library e-commerce affiliate links. Currently
includes over 16,000 libraries. Edited and compiled by Peter Scott.
Useful for seeing how other libraries
have presented remote access authentication and resources to their users.
Google
Search: library "off campus" database OR databases
or
Google
Search: library proxy
A more efficient way to see what
other libraries are saying to their users about remote access.
Database Vendor
Authentication Info
ProQuest
Secured Access
Information on authentication for
Proquest databases.
Grolier
Online Access and Authentication Policies
Information on authentication for
Grolier databases.
LexisNexis
Academic Universe RPA
Getting Started with Remote Patron
Authentication
University Authentication Projects
UCLA Authentication
Project
Information on a UCLA project to
authenticate users for access to network resources
Authentication
Authentication projects at University
of California, Columbia University, University of Colorado, Boulder.
UCCAP
- Overview
The aim of the University of California
Common Authentication Project (UCCAP) is to produce a UC Common Authentication
System (UCCAS)
Towards
a UW Authentication & Authorization Infrastructure
Slides from a presentation at the
University of Washington, May 26, 1999.
Authentication
in UK Higher Education Conference November 2nd 1999
Powerpoint presentations and links
from the Conference held at the Policy Studies Institute, London.
Requirements
for Authentication, Authorisation and Privacy in Higher Education
Findings from the first stage of
the Study into the Requirements for Authentication, Authorisation and Privacy
in Higher Education, by John Leach.
Leeds
University User Registration & Certificate Issuing System
JTAP-595. Leeds University Computing
Service and Leeds University Teaching & Learning Support Unit.
Proposal:
Authentication Services
Proposal for Implementation at the
University of Connecticut Computer Information Systems, University
Computer Center, November 1997. See especially Appendix:
University Library Authentication Requirements
ATG@ITC
- University of Virginia Authorizing Proxy Server
Protected access to licensed resources
for authorized users, on-campus and off- A project at the University
of Virginia using Squid, MySQL and Perl for authentication access to resources.
User
Authentication
A Model for an Enterprise-wide User
Authentication Service. January 18, 1998, April 8, 1998. By Michael
Grobe, Academic Computing Services, The University of Kansas. This document
discusses several aspects of user authentication for access to various
networked services at the University of Kansas.
Web
Validation Project
Purpose: to define different levels
of information and associated access rights that will allow for an organized
growth of Intranet and Internet content at Embry-Riddle and standardize
on a limited set of authentication mechanisms to reduce administrative
overhead and improve usability of the web site.
UW
Id-Auth-EComm Project
University of Waterloo project for
identification and authentication. See Web/ID-AUTH:
Project Goals for a library-related component of this project.
Trial
CIC Authentication and Authorization Project (TRICAAP)
"TRICAAP will be used to demonstrate
an architecture which provides for security of content across multiple
environments and enables secure inter-institutional interaction without
dictating a specific technology implementation."
User
authentication on ColumbiaWeb
Documentation for Columbia University
authentication applications CHEESE, a script-based form of authentication,
and CheeseWhiz, which relies on the regular HTTP protocol.
BMRC
Authentication Project
Project at UC Berkeley to investigate
secure authentication of university community members for access to web
based services.
Papers
on Authentication and Web security
Reports prepared for the UK Joint
Information Systems Committee (JISC) on technologies to support authentication
in higher education. Including Technologies
to Support Authentication in Higher Education, Implementation
of JANET authentication and encryption services and Web
Security Report.
Products and
Services
EZproxy
"EZproxy provides the easiest way
for libraries to extend web-based licensed databases to their remote users."
Obvia Remote Database
Access Service
"The Complete Solution for all your
Remote Authentication Needs" A turnkey product for remote access
authentication.
Remote
Patron Authentication
An integrated remote patron authentication
solution from EpixTech (formerly Ameritech) for customers of their Horizon,
Dynix, NOTIS LMS, and KeyNOTIS systems.
Athens - Access
Management Service
"ATHENS is an authentication system
which allows control of access to online resources. ATHENS has been available
since early summer 1995 and is currently in use at over 2000 sites in the
UK."
Clarity
Proxy Authentication
Clarity is a web proxy based on
Squid.
IIS
Authentication with AuthentiX
"Form-based or 100% cookie-free
'Basic Authentication' website protection while keeping your NT users names
and passwords private. Protect all files, not just ASP pages. Validate
against internal database, text file or external ODBC datasource."
Proxy Servers
and Authentication
Proxy
Servers and You
Proxy servers work as a helpful
"middleman" or broker between you and your Internet connection. Although
a few people feel that proxy servers detract from the wide-open nature
of the Web -- and proxies do have their issues -- this type of Web server
provides some very useful networking functions.
Welcome
to the WEB Proxy Server Information Page
What web proxy servers are and how
they work. The different types of proxies, and what they accomplish.
What proxies do and how they do it.
Proxy
Servers
Proxy Server Overview. Although
proxy servers have been around for a long time (since the early days of
the WAN), the Internet has transformed them. Where they were once an esoteric
server found in only the largest corporations, they are now a critical
component of all but the smallest organizations with an Internet connection
(and these days some can even be found in private homes).
Proxy
Client Autoconfig File Format
Describes the format for Proxy Auto-Config
(PAC) files.
Google
Search: library proxy.pac
Want to see other libraries' proxy.pac
files? Enter the proxy.pac URL then open the file in Wordpad for
best results. This works in IE 5.5; Netscape 4.7 sends an error message
about an unrequested proxy configuration file.
Proxy.pac
Perl script
A script written by Niall Doherty
that dynamically creates a proxy.pac file based on user IP address.
From the Squid users mailing list.
Web
Proxy Auto-Discovery Protocol
IETF draft document describing the
Web Proxy Auto-Discovery Protocol (WPAD) which permits web clients
to locate nearby web proxy servers. Note: this draft expired 12/99 - for
informational purposes only.
Auto-Proxy
Functions Supported by Internet Explorer
Q209266 from Microsoft Knowledge
Base. Includes PAC code examples. Covers IE 4 through 5.5.
Configuring
Cisco Authentication Proxy
Describes the Cisco IOS Firewall
Authentication Proxy feature. Authentication proxy provides dynamic, per-user
authentication and authorization, authenticating users against industry
standard TACACS+ and RADIUS authentication protocols. Authenticating and
authorizing connections by user provides more robust protection against
network attacks. From the
Cisco IOS Security Configuration Guide, Release
12.1
Netscape
Proxy Server Administrator's Guide Version 3.5 for Unix
Netscape
Proxy Server Administrator's Guide for Windows NT
"Netscape Proxy Server is a high-performance
server software product. It is designed for replicating and filtering access
to web-based content." Includes sections on authentication.
DeleGate
Home Page
DeleGate is a multi-purpose application
level gateway, or a proxy server which runs on multiple platforms (Unix,
Windows and OS/2). DeleGate mediates communication of various protocols
(HTTP, FTP, NNTP, POP, Telnet, etc.), applying cache and conversion for
mediated data, controlling access from clients and routing toward servers.
Created by Yutaka Sato.
Proxy Servers and Caching
Brian D.
Davison's Web Caching and Content Delivery Resources
This site is dedicated to providing
a comprehensive guide to the resources about and in support of caching
on the World Wide Web.
Includes an extensive list of proxy
cache systems and services.
A
Survey of Proxy Cache Evaluation Techniques
Proxy caches are increasingly used
around the world to reduce bandwidth requirements and alleviate delays
associated with the World-Wide Web. In order to compare proxy cache performances,
objective measurements must be made. In this paper, we define a space of
proxy evaluation methodologies based on source of workload used and form
of algorithm implementation. We then survey recent publications and show
their locations within this space. By Brian D. Davison, Department of Computer
Science, Rutgers, The State University of New Jersey.
Proxys 4 All
List of public proxy servers. Also
includes proxy auto config information, auto-proxy checker scripts, environment
checkers, and 'WebSpoof' an HTTP Referrer Spoofer.
Cache
Now!
The Cache Now! campaign is designed
to increase the awareness and use of proxy cache on the Web. Includes list
of proxy resources.
High
Performance Web Caching With Squid
This document explains in some detail
how to achieve high end performance from the excellent (but slow by default)
open source Squid web caching proxy. By Joe Cooper.
Proxy
Internet Access With Squid
Using Proxy Servers To Restrict,
Log, And Accelerate Internet Access By Tim Orbaker, March 06, 2000.
BYTE Magazine.
Caching
the Web with Linux
Improve your users' browsing and
save your bandwidth by using proxy servers to cache web pages. By David
Guerrero, January 1999. Installing and using Squid, configuring browsers
to use cache. Cache hierarchies.
Firewall
and Proxy Server HOWTO
This document is designed to describe
the basics of firewall systems and give you some detail on setting up both
a filtering and proxy firewall on a Linux based system. By Mark Grennan.
Transparent
Proxy with Squid mini-HOWTO
This document provides information
on how to set up a transparent caching HTTP proxy server using only Linux
and Squid. By Daniel Kiracofe.
Squid Proxy Server
Squid Web
Proxy Cache
"Squid is a full featured web proxy
cache designed to run on Unix systems, free open-source software, the result
of many contributions by unpaid volunteers and funded by the National Science
Foundation. Squid supports proxying and caching of HTTP, FTP, and
other URLs, proxying for SSL, cache hierarchies, ICP, HTCP, CARP, cache
digests, transparent caching, WCCP (Squid v2.3), extensive access controls,
HTTP server acceleration, SNMP and caching of DNS lookups."
SQUID
Frequently Asked Questions: Authentication
How does Proxy Authentication work
in Squid? How do I use authentication in access controls? Does Squid cache
authentication lookups? Are passwords stored in clear text or encrypted?
Squid
- Introduction
Introduction to setting up a Squid
server, with a section on authentication. From the ISPPlanet Cache Review
Series.
Squid development
projects
This SourceForge site hosts various
Squid development projects. The purpose of this site is to boost and open
up Squid development for features not yet ready to be merged into the main
Squid distribution. Anyone interested in developing some feature in Squid
is welcome to host their development here for sharing with other Squid
developers.
Squid and
Web utilities
Add-ons for the Squid proxy cache
server.
Squid
ACL Proxy Authentication with External Programs
This ACL Proxy Authentication with
External Programs patch implements proxy authentication as a normal ACL
and with external authentication programs which are allowed to block. It
is a generalization of my earlier patches which were based on the original
proxy_auth code provided by Jon Thackray <jrmt@uk.gdscorp.com>.
Squid
NTLM authentication project
The NTLM authentication project
aims at providing Microsoft NTLM proxy authentication support for Squid.
SMB
Proxy Authentication
smb_auth is a proxy authentication
module. With smb_auth you can authenticate proxy users against an SMB server
like Windows NT or Samba.
LDAP
Authentication for Squid
"Arjan de Vet has done a great job
devising a method to bind external authenticators into squid. Packaged
with Arjan's patch comes a password file authenticator for NCSA password
files. Based on this program I wrote my own little authenticator for LDAP.
"--fmesch@dial.eunet.ch.
Squid
ldap authentication module 0.2
The Squid LDAP authentication module
allows a Squid proxy server to authenticate against an LDAP server and
is a more flexible replacement for the LDAP authentication module supplied
with Squid. By Guy Antony Halse on October 19th 2000, 19:44 EST
Squid/src/auth/
Squid CVS repository for latest
versions of authentication modules.
User
and Group LDAP Authentication for Squid
This patch patches the Squid proxy
server to support static and dynamic LDAP group lookups when doing LDAP
authentication.
Microsoft Proxy Server and Microsoft Internet Security
and Acceleration Server
Microsoft
Proxy Server
"Microsoft Proxy Server 2.0 is an
extensible firewall and Web cache server that provides Internet security
while improving network response time and efficiency."
Microsoft
Internet Security and Acceleration Server
"Microsoft Internet Security and
Acceleration (ISA) Server 2000, the successor to Proxy Server 2.0, is an
extensible enterprise firewall and Web cache server that integrates with
Windows 2000 for policy-based security, acceleration, and management of
internetworking." See also the MS
TechNet ISA page and the docs
for the Enterprise Edition.
Authentication
Options and Limitations Using Proxy Server 2.0
Describes the options and limitations
for using authentication with Microsoft Proxy Server 2.0 and client Web
browsers. (Article ID: Q198116)
Understanding
Microsoft Proxy Server 2.0
Discussion of proxy server features
and architecture, access control, encryption, and firewall strategies.
By NeonSurge.
Coopers
& Lybrand: Microsoft Proxy Server Security Evaluation
This case study presents the results
of tests designed to evaluate Microsoft Proxy Server security. Interconnectivity
security issues and the Microsoft Proxy Server features designed to address
these issues are presented. April 1997.
Troubleshooting
Microsoft Proxy Server
Explores some of the problems you
may run into when working with Microsoft Proxy Server. Several troubleshooting
topics are covered, including installation, configuration, error messages,
security issues, and client access problems.
Microsoft Internet
Information Server and Authentication
IIS:
Authentication & Security Features
Authentication and security features
of Microsoft Internet Information Server. (from the Microsoft Knowledge
Base)
How
IIS Authenticates Browser Clients
This article describes the different
authentication methods available in IIS for both Windows NT 4.0 and Windows
2000. Article ID: Q264921.
IIS
Authentication Methods
From Windows 2000 magazine, April
25, 2000, by Allen Jones.
How
to Authenticate a User Against All Trusted Domains
By default, Internet Information
Server (IIS) validates an unqualified user logon ID against either the
local computer's user database or the domain which the server is a member
of. This article describes how to configure IIS to validate the unqualified
user logon against all trusted domains and the user accounts database.
Article ID: Q168908.
Authentication
methods in IIS5
Part of the excellent IIS-FAQ
site, which has many other articles on IIS
authentication issues.
Authentication
Methods in IIS
In IIS you can set up various authentication
methods for entire sites or virtual directories. These authentication methods
determine who can access the Web pages in the site/virtual directory. By
Akhilesh.
Authentication
and Security White Paper for Internet Developers
Windows NT security as it relates
to Internet Information Server (from the Microsoft Knowledge Base)
Apache and Authentication
Web
Authentication/Security
A brief survey of the authentication
methods available with the Apache web server. An emphasis on the practical
application of those methods, the addition of custom methods, some observations
on the security model, and resulting risks. Presenter: Reg
Quinton, University of Waterloo. Slides from a presentation at Access
99: The Web: Portal to Information, Monday, October 25 - Wednesday,
27 - Guelph, Ontario.
HTAccess
Authentication Tutorial
Covers web-based user authentication
using htaccess, a feature supported by Apache and other web server software.
Using
User Authentication
Article on htaccess using Apache
from Apache Week
DBM
User Authentication
Article on htaccess using DBM under
Apache from Apache Week.
Authentication
& Authorization
A chapter from the O'Reilly book
Writing
Apache Modules with Perl and C, by Lincoln Stein and Doug MacEachern.
Apache
Web Server -- Proxy Authentication Setup
Describes the steps required to
set up the Apache web server to function as an authenticated proxy, with
specific reference to the needs of the University of Waterloo Library.
Apache
module mod_proxy
Documentation for the Apache proxy
module from the Apache web site.
Apache::RewritingProxy
This module allows proxying of web
sites without any configuration changes on the client's part. The client
is simply pointed to a URL using this module and it fetches the resource
and rewrites all links to continue using this proxy.
SourceForge:
Project Info - The Mod_Perl Rewriting Proxy
"This is a lightweight proxy, written
on Apache's Mod_Perl and designed for places where other proxies are unappliable
or undesirable."
Apache::ProxyRewrite
- mod_perl URL-rewriting proxy
"Apache::ProxyRewrite acts as a
reverse-proxy that will rewrite URLs embedded in HTML documents per apache
configuration directives. This module was written to allow multiple
backend services with discrete URLs to be presented as one service and
to allow the proxy to do authentication on the client's behalf."
Mod_Auth_External
Apache External Authentication Module.
Mod_Auth_External is a flexible tool for creating authentication systems
based on other databases.
Perl, CGI and Authentication
Authentication-related
Modules Available on CPAN
CPAN is the Comprehensive Perl Archive
Network. Many of these modules related to authentication are written
to work with the Apache web server, and provide for support handling cookies,
NT authentication and more.
A
Short Guide to DBI
The Perl Database Interface Module.
About relational databases. About SQL. What DBI is for. Examples
and explanation of how to use DBI. By Mark-Jason Dominus.
DBI - A Database
Interface Module for perl5
"The DBI is a database interface
module for Perl. It defines a set of methods, variables and conventions
that provide a consistent database interface independent of the actual
database being used."
Matthew's
Authentication Script Area
Scripts and instructions which depend
on the CGI-modules-2.75 library and work on Linux 2.0, Apache 1.1, Berkeley
DB and Perl 5.003, by Matthew Darwin at the University of Ottawa.
Database
Logon Script
A Perl script that can be used to
provide authentication to numerous vendor databases with one userid/database
file, made available by its author, glen@rimu.cce.ac.nz
POWER
Library Scripts
A set of Perl scripts for authentication
to databases using IP addresses or library user IDs, made available by
Keith Ostertag, ATS Coordinator, Dauphin County Library System.
Authenticate
and Track Users with PHP
An article from WebMonkey by Judy
Meloni
How
to spoof HTTP_REFERER
How hard is it to fake a referral
URL or any other browser passed variable? Here is an example showing
how easy it is to do.
CGI
Environment Variables
List of resources and tools on environment
variables from the CGI Resource
Index.
Overview
of CGI Environment Settings
Web browser environment variables
and how to access them, by Jon Hedley.
The World
Wide Web Security FAQ
How to avoid security problems with
CGI scripts and htaccess. How to protect confidential documents at your
site. Safe scripting in Perl.
CGI Resource
Index
Information, documentation and tutorials
regarding CGI programming. Hundreds of pre-made CGI's written in Perl and
other languages.
Perl
and CGI FAQ
"You can create a lot of magic by
writing a CGI program/script. You can create graphics on the fly, access
databases and return results and connect to other Internet information
servers."
CGI.pm
- a Perl5 CGI Library
This Perl 5 library uses objects
to create web fill-out forms on the fly and to parse their contents. It
provides a simple interface for parsing and interpreting query strings
passed to CGI scripts. However, it also offers a rich set of functions
for creating fill-out forms.
SSL and Cookies
Introduction
to SSL
This document introduces the Secure
Sockets Layer (SSL) protocol. Originally developed by Netscape, SSL has
been universally accepted on the World Wide Web for authenticated and encrypted
communication between clients and servers. See also this Netscape
TechBrief on SSL.
OpenSSL: The
Open Source toolkit for SSL/TLS
"The OpenSSL Project is a collaborative
effort to develop a robust, commercial-grade, full-featured, and Open Source
toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library."
SSL / TLS
Overview by Dan Kegel. See
also his SSL Acceleration
page.
Apache-SSL
Apache-SSL is a secure webserver,
based on Apache and SSLeay/OpenSSL. Not to be confused with mod_ssl.
mod_ssl: The Apache
Interface to OpenSSL
This module provides strong cryptography
for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols by the help of the Open Source
SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and
Tim J. Hudson. Not to be confused with Apache-SSL.
SSL
and Secure Servers
What SSL is and step-by-step instructions
on how to create and sign your own SSL certificate. Section from
a course on Web
Administration and Security, by Mark Burgess and Sigmund Straumsnes,
Oslo College.
The
Unofficial Cookie FAQ
Cookies are a very useful tool in
maintaining state variables on the Web. Since HTTP is a "stateless" (non-persistent)
protocol, it is impossible to differentiate between visits to a web site,
unless the server can somehow "mark" a visitor. This is done by storing
a piece of information in the visitor's browser. From Cookie
Central.
How
Internet Cookies Work
Article from Howstuffworks, by Marshall
Brain.
The
CGI Resource Index: Programs and Scripts: Perl: Cookies
Scripts to manipulate cookies in
Perl.
RFC
2109: HTTP State Management Mechanism
This document specifies a way to
create a stateful session with HTTP requests and responses. It describes
two new headers, Cookie and Set-Cookie, which carry state information between
participating origin servers and user agents.
LDAP and Kerberos
Introduction
to LDAP under Linux
From Linuxfocus.org by Atif Ghaffar.
An
Introduction to LDAP
From the O'Reilly Network, by Luke
A. Kanies.
Introduction
to Lightweight Directory Access Protocol (LDAP)
Q196455 from Microsoft Product Support
Services.
LDAP
Introduction
By Lars Pind, May 8, 2000.
An
LDAP Roadmap & FAQ -- Directory Services Information
A tutorial aid to navigating various
LDAP and X.500 Directory Services resources on the Internet. By
Jeff Hodges.
LDAP
RFCs
From Yahoo.
Common
LDAP RFCs
Q221606 from Microsoft Product Support
Services.
LDAP
Browser/Editor
Free LDAP Browser/Editor provides
a user-friendly Windows Explorer-like interface to LDAP directories with
tightly integrated browsing and editing capabilities.
Public
LDAP Servers
A list maintained by eMailman.
LDAP
Linux HOWTO
Information about installing, configuring,
running and maintaining an LDAP (Lightweight Directory Access Protocol)
Server on a Linux machine is presented in this document.
LDAP
Implementation HOWTO
This document describes the technical
aspects of storing application data in an ldap server. It focuses on the configuration
of various applications to make them ldap-aware. By Roel van Meer and Giuseppe
Lo Biondo.
Linux
LDAP Tutorial
Deploying OpenLDAP - Directory Installation
and configuration (V1.2 and 2.0)
Understanding
LDAP
Microsoft document on LDAP, the
directory service protocol used by the Active Directory service.
OpenLDAP
OpenLDAP Software is an open source
implementation of the Lightweight Directory Access Protocol.
Perl-LDAP
Homepage
The perl-ldap distribution is a
collection of perl modules which provide an object orientated interface
to LDAP servers.
LDAP
Freeware Products
The Eudora LDAP Directory Server
is an LDAP v2 server for Windows NT 4.0 (Workstation or Server) available
in executable and source code form.
Kerberos:
The Network Authentication Protocol
Kerberos is designed to provide
strong authentication for client/server applications by using secret-key
cryptography. A free implementation of this protocol is available from
the Massachusetts Institute of Technology. Kerberos is available in many
commercial products as well.
Basic
Overview of Kerberos User Authentication Protocol in Windows 2000
Q217098 from Microsoft Product Support
Services.
Information
About the Windows 2000 Kerberos Implementation
Q248758 from Microsoft Product Support
Services.
Answers
to Frequently Asked Kerberos Questions
Q266080 from Microsoft Product Support
Services.
Linux/Unix and
Authentication
Linux-PAM
Page
The Linux-PAM (Pluggable Authentication
Modules for Linux) project provides a way to develop programs that are
independent of authentication scheme. These programs need "authentication
modules" to be attached to them at run-time in order to work.
PAM_SMB:
NT Authentication for Unix
pam_smb allows authentication of
Unix users against SMB servers (Windows NT and Samba servers, also Win
95). It runs under Linux, Solaris, HP-UX and FreeBSD. See also
this.
PAM_NTdom:
NT Domain Authentication for Linux and Solaris
Based on pam-smb, this module allows
a Linux user to authenticate against an NT Server using the NT Domain Authentication
Protocol.
User
Authentication on the Web
HTTP
Basic Access Authentication
HTTP 1.0 provides a simple challenge-response
authentication mechanism which may be used by a server to challenge a client
request and by a client to provide authentication information. From the
IETF Internet Draft.
HTTP
Authentication: Basic and Digest Access Authentication
RFC 2617 provides the specification
for HTTP's authentication framework, the original Basic authentication
scheme and a scheme based on cryptographic hashes, referred to as "Digest
Access Authentication". It is therefore also intended to serve as
a replacement for RFC 2069.
A
Guide to Web Authentication Alternatives
Jan Wolter discusses the two standard
authentication systems which are described in the HTTP protocol documents:
"basic authentication" which is supported by most browsers and HTTP servers,
and "digest authentication" which isn't. He then describes various
"do-it-yourself" alternatives to basic authentication.
Web
Security Report
With sections on authentication
and authorisation. By Andrew Cormack.
The
CNI Program on Authentication Authorization and Access Management
which includes A
White Paper on Authentication and Access Management, Clifford Lynch,
editor, Coalition for Networked Information.
Open
Authentication Systems For The Web
"The rapid growth in Internet services
has led to a demand for scalable authentication systems to restrict access
to licensed services (such as bibliographical services, databases, etc.)
to authorised users. An increasing number of proprietary applications which
provide authentication services are available. However such applications
may only provide an interim solution, until authentication services based
on open protocols are available. This article reviews developments to such
open authentication protocols."
Authentication
Tutorial
"This tutorial explains authentication:
What it is, how you work with it, and what options are currently available
to you." A different version of this document here.
Common
Authentication Technology (cat) Charter
The goal of the IETF Common Authentication
Technology (CAT) Working Group is to provide distributed security services
(which have included authentication, integrity, and confidentiality, and
may broaden to include authorization) to a variety of protocol callers
in a manner which insulates those callers from the specifics of underlying
security mechanisms.
User
Agent Authentication Form Elements
Discusses problems with existing
methods of authentication and proposes a new HTML capability to aid in
the development of authenticated web user interfaces. Submitted for consideration
to the World Wide Web Consortium.
SRP: The Open-Source
Password Authentication Standard
"The Secure Remote Password protocol
is the core technology behind the Stanford SRP Authentication Project.
The Project is an Open Source initiative that integrates secure password
authentication into existing networked applications."
Handling
Authentication
How the Microsoft Win32 internet
API handles http authentication. Basic, Challenge-response
and other types. Proxy servers.
Regaining
Single Sign-On
"In the mainframe era, computer
users only had to remember one username and password as there was only
one computer to access. With the advent of networks, people suddenly acquired
many computing accounts each with a username and password to be remembered."
By Andrew Findlay, Head of Networking and Systems, Brunel University, London.
21 April 1999.