Security

This module provides Kerberos authentication using the php_krb5 (download link) module.

The evil module will try to be ran from your drush commands or Drupal bootstap code in ways you may not expect. It is designed to be used for penetration testing and debugging.

This module should generally NOT be installed on your Drupal site. It serves no other purpose than being noticed and try to nag users as much as possible. Do not enable this module unless you know what you're doing.

Rationale

The idea behind this project is that while we generally assume trusted users maintain the modules on your site, unstrusted users may be able to creep through your install and deploy a module in a location that you wouldn't expect, but still that Drupal would still bootstrap and run. This module is therefore designed to be hooked into as many places as possible in Drush and Drupal bootstrap sequences so that it gets loaded any time you:

* bootstrap drupal (if the module is in sites/all/modules)
* bootstrap drush (it has a .drush.inc file)
* load themes (it should have a .theme file too, while we're at it)

This was designed to test shared hosting security within the Aegir project (see issue #762138: Design security issue with developer access to sites' modules and themes) but can be used by anybody.

Similar projects

Log administrative actions in either dblog or redis.

Provides each user with a unique user key, which can be used around the site, as well as reset on demand.

I have taken the cosign module and created a "cosign_auth" module that works on Drupal 7. This module is not dependent on the webserver_auth module and does not use or rely on the authmap table.

This module lets the administrator set the HTML robots metatag to noindex for a specific node.