The attached patch adds a new feature to this module: When the 403 error handler is set to the newly defined menu item “authenticate”, the user is redirected to that URL when he’s not yet logged in. The administrator has to configure the appropriate access rules for only that specific URL (it acts as a “login URL” only). When the user acquired the login from that URL, he is redirected to the page he requested originally or – when the permissions are still not there – he is finally shown the 403 page.

The required configuration for this setup:

  • set 403 handler to “authenticate”.
  • in Drupal’s .htaccess, add the following:

    <Files authenticate>
      # Kerberos authentication
      AuthType Kerberos
      AuthName "Kerberos login"

      KrbMethodK5Passwd on
      KrbMethodNegotiate off
      KrbAuthoritative on
      KrbVerifyKDC off
      KrbAuthRealms KERBEROS.EXAMPLE.COM
      require valid-user
    </Files>
    

    or use any other authentication method inside <Files authenticate>.

When the user is logged out, any request to a page that would require more access permissions is redirected to that “page”. Apache requires authentication for that page, Drupal grabs the username from it, logs the user in and redirects to the original page.

Attached file: webserver_auth-redirect.patch (1.75 KB), uploaded by kkaefer

Comments

kkaefer’s picture

The use case for this is when you want to have a website that is accessible to guests as well, but when certain parts (e.g. admin area) are restricted to admins.

kswan’s picture

I tried this patch and have some feedback.

First, this code only works if Clean URLs are enabled. Without Clean URLs I get stuck in a redirect loop.

    function webserver_auth_verify() {
      global $user;
      $segment = drupal_get_normal_path(parse_url(substr(request_uri(), drupal_strlen(base_path())), PHP_URL_PATH));

The $segment variable is empty if Clean URLs is disabled.

I enabled Clean URLs, and it is now redirecting to 'authenticate' correctly, but the webserver_auth_verify function never gets into the "user is verified" mode.

    elseif ($user->uid && $segment == arg(0)) {
      // The user managed to authenticate with this URL; send him to his destination.
      drupal_goto();
    }

It ends up at a white screen after running
    $GLOBALS['conf']['site_403'] = '';
even though the user successfully authenticated.

I can then go to my homepage and the user is logged in.

I tried to change

    elseif ($user->uid && $segment == arg(0)) {

to

    elseif ($user->uid) {

and the redirect works correctly now, but I am not sure of the implications of this change.
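
The Clean URLs behaviour reported in the comment above, as an added example that is not part of the patch or the module: it runs the quoted path expression over constructed request URIs and, next to it, one way to recover the requested path from the raw URI in both URL modes. The function name `example_requested_path()` and the `/drupal/` base path are assumptions made for illustration.

```php
<?php
// Added example: not webserver_auth code. example_requested_path() and the
// '/drupal/' base path are assumptions; the sample URIs are constructed.

/**
 * Returns the Drupal path the client asked for, read from the raw request URI
 * so that it works with Clean URLs on and off.
 */
function example_requested_path($request_uri, $base_path) {
  // Drop the base path only if the URI really starts with it.
  if (strncmp($request_uri, $base_path, strlen($base_path)) === 0) {
    $request_uri = (string) substr($request_uri, strlen($base_path));
  }
  // Split path and query by hand; parse_url() yields no path for "?q=...".
  list($path, $query) = array_pad(explode('?', $request_uri, 2), 2, '');
  $path = trim($path, '/');
  if ($path === '' || $path === 'index.php') {
    // Clean URLs off: the Drupal path travels in the q parameter.
    parse_str($query, $params);
    $path = (isset($params['q']) && is_string($params['q'])) ? trim($params['q'], '/') : '';
  }
  return $path;
}

$base = '/drupal/';
$samples = array(
  '/drupal/authenticate?destination=admin',      // Clean URLs on
  '/drupal/?q=authenticate&destination=admin',   // Clean URLs off
  '/drupal/index.php?q=authenticate',            // Clean URLs off, explicit script
  '/drupal/',                                    // front page
);
foreach ($samples as $uri) {
  // The expression from the quoted code, without drupal_get_normal_path(),
  // which needs a bootstrapped Drupal.
  $quoted = (string) parse_url(substr($uri, strlen($base)), PHP_URL_PATH);
  printf("%-44s quoted=%-16s example=%s\n", $uri,
    var_export($quoted, TRUE), var_export(example_requested_path($uri, $base), TRUE));
}
```

Run with the PHP command-line interpreter; each output line shows one sample URI, the value the quoted expression produces for it, and the value the example function returns.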

Paul Natsuo Kishimoto’s picture

Hi—I was just made maintainer of this module, exciting!

kkaefer, can you take a look at kswan's comments and submit a patch that works (for you) with Clean URLs off?

That glitch aside, this looks like very useful functionality and I'd like to include it (once I figure out how to CVS commit...I'm too used to bzr!)

kkaefer’s picture

Definitely! Any code submitted here is GPL, so you can take it, modify and commit it.

kswan’s picture

Status: Needs review » Needs work

Status correction.

gaards’s picture

Status: Needs work » Closed (outdated)

Closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.