This file is deprecated, and only partially valid. These are plans for how this module should be built. The actual aim of this module is to identify user, not to authorise her (authorization is "implicit"). This module looks at a connection's parameters (source port/source IP/timestamp) (these are enough to identify quite stricly the connection) and performs SQL requests to a database containing the attached UID, if any. As an option, an LDAP request can then be performed, to convert the UID into an actual username. Provided directives : AuthNufwAuthoritative On/Off Prevent other authentication modules from authenticating the user if this fails AuthNufwEnabled On/Off Set to off to disable use of this module for some ressources. AuthNufwTimeWindow integer default : 1 second. Specifies the time window a connection will be considered to match. Increase on laggy networks, be aware the higher this value, the most probable attacks get. Using NTP is obviously not an option when using this module. AuthNufwSQLHost IP or name defaults to localhost AuthNufwSQLPort port nb defaults to 5432 or 3306 AuthNufwSQLDatabase database name defaults to ?? AuthNufwSQLUser database user defaults to ?? AUthNufwSQLPassword database password AUthNufwSQLSSL* SSL encryption options will be added later. ------------------------------------------------------------------------ exported functions : 1 create_auth_nufw_dir_config -> apache function to create config for a dir there is no special merge, overriding is what we want. 2 create_auth_nufw_config -> ??? 3 auth_nufw_cmds -> the command table, describing above directives 4 auth_nufw_identify_user -> find out whom a connection comes from, from the SQL database. 5 auth_nufw_dummy_auth -> dummy function, auth is actually checked in auth_nufw_identify_user. Probably this function can vanish actually.. 6 auth_nufw_child_init -> what to do when a child spawns 7 auth_nufw_child_exit -> what to do when a child dies ------------------------------------------------------------------------ subtasks: 1 2 4 a/ check if child already has an open database conn b/ if not, connect b1/ if it fails, log an error message and return b2/ success c/ build request, taking time into account d/ perform request e/ is there zero or one result? e1/ if not, log some critical message (and return) e2/ yes f/ is there zero result? f1/ yes -> no identification, return f2/ no -> identification success, fill in the user field (and others?) 5 if needed, set the user as authenticated 6 init a database link (or grab one from the pool ?) if this fails, log an error 7 close the database link (or hand it back into the pool)