module mod_gws

Description: Provides authorization by group memberships from a RESTful groups web service.
Module Identifier: gws_module

GWSActive Directive

Description: Activates mod_gws
Syntax: GWSActive on|off
Context: directory, .htaccess
Override: none
Default: On

mod_gws is automatically activated by an AuthType directive specifying uwnetid, securid or shibboleth.

mod_gws is automatically de-activated by an AuthGroupFile directive.

GWSAuthoritative Directive

Description: Determines whether or not mod_gws must decide the user's access.
Syntax: GWSAuthoritative on|off
Context: .htaccess
Override: none
Default: Off

GWSAuthoritative sets whether mod_gws is authoritative for the access decision.

Examples

GWSAuthoritative on

GWSCookie Directive

Description: Names the cookie to use for session control.
Syntax: GWSCookie cookie_name
Context: server config
Override: none
Default: gwssession

GWSCookie identifies the name of the cookie for mod_gws to use for session control.

Examples

GWSCookie uwgws

GWSGroupKeyword Directive

Description: Identifies the 'require' line keyword to test group membership. This is commonly just group, as in require group u_spud_siteusers. It can be configured to another key to avoid conflicts with other modules.
Syntax: GWSGroupKeyword keyword
Context: server config
Override: none
Default: group

GWSGroupKeyword identifies the gws group keyword.

Examples

GWSGroupKeyword gws_group

GWSOwnerAccess Directive

Description: If set, mod_gws will make requests to the webserver acting as the resource owner. The resource is the web element being requested by the user. This allows mod_gws to comply with membership viewer controls at the groups webservice.

The webservice must support act-as functionality.

Syntax: GWSOwnerAccess on|off
Context: server config
Override: none
Default: Off

GWSOwnerAccess acts as the resource owner during group web service requests.

Examples

GWSOwnerAccess on

GWSPasswordfile Directive

Description: Identifies the file containing a password for gwsd access.
Syntax: GWSpasswordfile path
Context: server config
Override: none
Default: none
Note: This file should be readable only by the root user.

GWSPasswordfile identifies the gwsd password file.

Examples

GWSPasswordfile /usr/share/gwsd-pw.txt
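
One way to check the note above (password file readable only by root) against a server config. This is an added example, not part of mod_gws; the function names and the owner_uid parameter are assumptions made for illustration, and the sample config text is constructed.

```python
import os
import re
import stat

# Apache directive names are case-insensitive, so this also matches the
# "GWSpasswordfile" spelling used on the Syntax line. Quoted paths are allowed.
DIRECTIVE = re.compile(r'^\s*GWSPasswordfile\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def password_files(config_text):
    """Return every path named by a GWSPasswordfile line (comments never match)."""
    paths = []
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            paths.append(m.group(1) or m.group(2))
    return paths

def audit_password_file(path, owner_uid=0):
    """Return a list of findings; an empty list means the file passes."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    if st.st_uid != owner_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group or other permission bit
    if extra:
        findings.append(f"{path}: group/other permission bits set ({extra:03o})")
    return findings

def audit_config(config_text, owner_uid=0):
    """Audit every password file referenced by the given config text."""
    findings = []
    for path in password_files(config_text):
        findings.extend(audit_password_file(path, owner_uid))
    return findings

if __name__ == "__main__":
    # Constructed sample config; read the real server config file in practice.
    sample = "GWSsocketname /var/run/gwsd.sock\nGWSPasswordfile /usr/share/gwsd-pw.txt\n"
    for finding in audit_config(sample):
        print(finding)
```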

GWSSocketname Directive

Description: Identifies the gwsd socket.
Syntax: GWSsocketname path
Context: server config
Override: none
Default: none

GWSsocketname identifies the gwsd socket.

Examples

GWSsocketname /var/run/gwsd.sock

GWSTimeout Directive

Description: Sets the session lifetime.
Syntax: GWSTimeout minutes
Context: server config
Override: none
Default: 9 hours

GWSTimeout sets the mod_gws session lifetime.

Examples

GWSTimeout 300

GWSUnixGroupKeyword Directive

Description: Identifies the 'require' line keyword to test unix group membership. This is commonly ugroup, as in require ugroup staff. It can be configured to another key to avoid conflicts with other modules.
Syntax: GWSUnixGroupKeyword keyword
Context: server config
Override: none
Default: ugroup

GWSUnixGroupKeyword identifies the unix group keyword.

Examples

GWSUnixGroupKeyword unix_group

GWSUserKeyword Directive

Description: Identifies the 'require' keyword to test the user id. This is commonly just user, as in require user spud. It can be configured to another key to avoid conflicts with other modules.
Syntax: GWSUserKeyword keyword
Context: server config
Override: none
Default: user

GWSUserKeyword identifies the user id keyword.

Examples

GWSUserKeyword remote_user

require Directive

Description: Describes an authorization requirement. The module acts on all require lines that match its syntax.
Syntax: require requirement_clauses
Context: directory, .htaccess
Override: AuthConfig

require defines an authorization requirement.

A requirement clause is the gws group keyword, the unix group keyword, or the user keyword, followed by one or more items to match. For example: group u_spud.

Requirement clauses may be combined with the logical operators AND and OR.

The operators may be preceded by NOT.

Requirement clauses may be grouped by parentheses.

Examples

require group u_spud u_puds or user blake

require (group u_spud and ugroup staff) or user blake