DACS-enhanced Apache

DACS can extend the capabilities of an Apache 2.4 web server in two separate ways:

• Enhanced Authentication
  By leveraging your existing authentication systems or using its own methods, DACS can provide a universal, extensible authentication capability that can replace several Apache modules. The resulting identities are represented externally within secure DACS credentials, and within Apache and invoked CGI programs through the REMOTE_USER environment variable.

  Industry-standard RFC 2617 Basic and Digest authentication is implemented directly by DACS. With "Basic auth", the familiar username/password prompting interaction with a browser can be configured with any DACS password-based authentication module. For example, a user trying to access a DACS-wrapped resource can be required to first answer his browser's pop-up window's prompt for a username and password; the username and password will then be validated by DACS whichever method has been configured: NTLM, LDAP, CAS, Unix, and so on. If authentication is successful, an authorization check of the user's identity against the requested resource can be performed automatically.

• Enhanced Access Control
  A web site administrator can "DACS-wrap" portions of a site's URL space by crafting powerful access control rules. Only if permitted by the rule governing a particular web page, file, program, or other web resource served by Apache will access be granted. Access control processing is independent of the resource being protected by DACS and transparent to the resource. Rules consist of C-like expressions that can examine a request's arguments and other context associated with the request. For example, a rule can restrict access depending on the IP address or domain name from which the request comes, the value of any variable provided by Apache, DACS configuration variables, the current time or date, the identity or method of authentication of the user making the request, and much more.

  The authentication procedure can assign roles to users and an administrator can define groups of users; access control rules can test for role and group membership when determining whether access should be granted or denied.