MACS Apache Module Client

project's Sourceforge page

Installation and Use

Make sure that apxs is in your path, and do a make install. If all goes well, you're ready to start configuring!

Configuration

Somewhere in your httpd.conf, or a file included there, you should have something like the following.

   <IfModule mod_macs.c>
     MacsConfigFile /path/to/cf
     MacsLIA http://domain.com/new/lia
     MacsEnable on
     <location /secureapps>
       MacsAuthenticate on
     </location>
     <location /secureapps/unsecure>
       MacsAuthenticate off
     </location>
     <location /appneedsloginandemail>
       MacsProfile MACS_LOGIN char:macs/user/login %user
       MacsProfile MACS_EMAIL char:macs/user/email %user
     </location>
     <location /appneedsloginandemail/andnamebutnoemail>
       MacsProfile MACS_FIRST char:macs/user/name %user
       MacsProfile MACS_EMAIL
     </location>
     <location /appone>
       MacsResource mycompany/appone
     </location>
     <location /appone/subdir/apptwo>
       MacsResource mycompany/apptwo
     </location>
     <location /appone/subdir/notamacsresource>
       MacsResource clear
     </location>
     <location /appone/subdir/freeforall>
       MacsAuthorize off
     </location>
   </IfModule>

MacsConfigFile

Specifies the location of the MACS configuration file. The format of the file is out of the scope of these comments, see the docs for MACS configuration.

MacsLIA

Specifies an alternate LIA location, overriding the value gleaned from the MacsConfigFile. This directive must come after MacsConfigFile -- otherwise MacsConfigFile would over-override the LIA location!

MacsEnable

Enable MACS processing for this server. Must appear in a server's (or virtual host's) configuration for MACS processing to take place. Is not passed to vhosts from main server's config. This allows you to specify the MACS configuration for all servers in the main config, and turn it on for desired vhosts only.

MacsAuthenticate

The MacsAuthenticate directive turns authentication on or off at a certain directory or location.

MacsProfile

The MacsProfile directive maps an element of the user's profile to a request header, and therefore a CGI environment variable in all caps and prefixed by 'HTTP_'. It also spoofs a cookie, with the same name as the request header (no HTTP_ prefix.) The syntax for MacsProfile is:

 MacsProfile request_header [type:name_space resource_spec]

request_header is the spoofed request header that will contain the element's value.
type specifies the type of value to fetch -- one of int, float, char, blob, link, res or auto.
name_space is the profile namespace path of the element to expose.
resource_spec is a full resource path whose profile information to expose, or user to expose the current user's profile, or url to expose the profile of the resource mapped to the requested url.
Note: If only the request_header is specified, the directive unmaps the any previous (probably inherited from parent directories) mappings.

MacsResource

The MacsResource directive maps the directory or location to the specified MACS resource. The special resource CLEAR unmaps the directory from any resource.

MacsAuthorize

This directive toggles authorization checks in a directory. Use it to save CPU when you have large or often-used resources which have open access. Note that MacsAuthenticate can force folks to log in (or not) to access the resource.

History

12.99, mds, Starting off from a perl module with the following comments

 # WACA.pm
 #
 # This module is the heart of WACA and performs all the dificult "in
 # the server" type stuff, any serious problem here could crash the
 # whole server, so be careful!
 #
 # 05-04-99 Blake Mitchell

modules

Generated on Mon Jul 14 14:27:00 2003 for MACS Apache Client Module by

1.3-rc3