Authentication?

Steven Monai stevem at SPATIALMAPPING.COM
Mon Oct 31 13:19:32 PST 2005


Patrick:

To my knowledge, there is no "out of the box" authentication system for
MapServer, so it's up to individual applications to implement it.

I have put an "enhancement" request into Bugzilla for simple MAP-level
authentication for MapServer CGI:
http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=1512

Of course, there's no guarantee that anyone's actually going to implement
it!

Since MapServer doesn't (yet) have this feature, you can still configure
your web server to protect the MapServer CGI program itself, with Basic
Authentication (for example). This would force all users of the MapServer
CGI to provide valid credentials on every request, regardless of the map
file specified. This could be acceptable if yours is the only application
on the server that uses MapServer.

Another alternative is to implement a CGI "wrapper" that does the
authentication checks before passing valid requests along to MapServer.
Incoming requests to the MapServer CGI that do not come through the wrapper
would have to be rejected, but I'm not sure how this would be accomplished.
Perhaps the wrapper would set an environment variable that the web server
uses in a conditional statement that allows or denies access to the
MapServer CGI, depending on the existence of the variable.

I hope this gave you some ideas.

Regards,
-SM
--



On Mon, 31 Oct 2005 13:23:41 +0800, Patrick Kosiol <patrick.kosiol at GMX.DE>
wrote:

>Hi,
>
>are there any user/password authentication integrations for mapserver
>implemented somewhere?
>
>
>Regards,
>
>Patrick



More information about the MapServer-users mailing list