mod_gws
Description: | Provides authorization by group memberships from a RESTful groups web service. |
---|---|
Module Identifier: | gws_module |
Description: | Activates mod_gws |
---|---|
Syntax: | GWSActive on|off |
Context: | directory, .htaccess |
Override: | none |
Default: | On |
mod_gws
is automatically activated by an
AuthType
directive specifying uwnetid
, securid
or shibboleth
.
mod_gws
is automatically de-activated by an
AuthGroupFile
directive.
Description: | Determines whether or not mod_gws must decide the user's access. |
---|---|
Syntax: | GWSAuthoritative on|off |
Context: | .htaccess |
Override: | none |
Default: | Off |
GWSAuthoritative
Set authoritative.
GWSAuthoritative on
Description: | Names the cookie to use for session control. |
---|---|
Syntax: | GWSCookie cookie_name
|
Context: | server config |
Override: | none |
Default: | gwssession |
GWSCookie
Identifies the name of the cookie for mod_gws to use for session control.
GWSCookie uwgws
Description: | Identifies the 'require' line keyword to test group membership. This is commonly just group, as in require group u_spud_siteusers. It can be configured to another key to avoid conflicts with other modules. |
---|---|
Syntax: | GWSGroupKeyword keyword |
Context: | server config |
Override: | none |
Default: | group |
GWSGroupKeyword
Identify the gws group keyword.
GWSGroupKeyword gws_group
Description: | If set, mod_gws will make requests to the webserver
acting as the resource owner. The resource is the web element being requested by the user.
This allows mod_gws to comply with membership viewer controls at the groups webservice.
The webservice must support act-as functionality. |
---|---|
Syntax: | GWSOwnerAccess on|off
|
Context: | server config |
Override: | none |
Default: | Off |
GWSOwnerAccess
Act-as the resource owner during group web serivce requests.
GWSOwnerAccess on
Description: | Identifies the file containing a password for gwsd access. |
---|---|
Syntax: | GWSpasswordfile path |
Context: | server config |
Override: | none |
Default: | none |
Note: | This file should be set to be readable only by the root user. |
GWSPasswordfile
Identify the gwsd password file.
GWSPasswordfile /usr/share/gwsd-pw.txt
Description: | Identifies the gwsd socket. |
---|---|
Syntax: | GWSsocketname path |
Context: | server config |
Override: | none |
Default: | none |
GWSsocketname
Identify the gwsd socket.
GWSsocketname /var/run/gwsd.sock
Description: | Set session lifetime. |
---|---|
Syntax: | GWSTimeout minutes |
Context: | server config |
Override: | none |
Default: | 9 hours |
GWSTimeout
Set mod_gws session lifetime.
GWSTimeout 300
Description: | Identifies the 'require' line keyword to test unix group membership. This is commonly ugroup, as in require ugroup staff. It can be configured to another key to avoid conflicts with other modules. |
---|---|
Syntax: | GWSUnixGroupKeyword keyword |
Context: | server config |
Override: | none |
Default: | ugroup |
GWSUnixKeyword
Identify the unix group keyword.
GWSUnixKeyword unix_group
Description: | Identifies the 'require' keyword to test the user id. This is commonly just user, as in require user spud. It can be configured to another key to avoid conflicts with other modules. |
---|---|
Syntax: | GWSUserKeyword keyword |
Context: | server config |
Override: | none |
Default: | user |
GWSUserKeyword
Identify the user id keyword.
GWSUserKeyword remote_user
Description: | Describes an authorization requirement. The module acts on all require lines that match its syntax. |
---|---|
Syntax: | require requirement_clauses
|
Context: | directory, .htaccess |
Override: | Authconfig |
Require
defines an authorization requirement.
A requirement clause is the gws group keyword, the unix group keyword, or the user keyword,
followed by one or more items to match. For example: group u_spud
.
Requirement clauses may be combined with the logical operators AND
and OR
.
The operators may be preceded by NOT
.
Requirement clauses may be grouped by parentheses.
require group u_spud u_puds or user blake
require (group u_spud and ugroup staff) or user blake