OK, here is the situation. I need to authenticate someone on login.mydomain.com and have that login accepted on server1.mydomain.com, server2.mydomain.com etc etc.
Now there is something like this for mod_perl called AuthTicket. I would wrather have something in PHP because I am more familiar with it, however I am drawing a blank as to how to do this.
Basically AuthTicket, authenticates via a mysql db, and has a secure key that is generated that is verified. If the secure key changes, the user is forced to logout and back in again. It is changed every X minutes/hours etc to help keep security high. It uses AuthCookie to ensure that the user could browse the other sites without being asked to login again.
My dilmemna is that I am now sure how I could get PHP to do the auth like this. The actual auth with mysql, etc etc is the easy part. The part I am confused about is how I can integrate it with apache like the PERL module so that it will work across multiple domains, and work similar to htaccess in that it is seemless once the user is logged in.
We also want web page based login forms and not the typical htaccess pop-up.
I was researching how to make Apache run particular scripts based on the <Location> configuration but I am just at a loss.
Any help anyone could give, ideas etc would be great. Right now we are doing it with sessions, but the user has to login to each site individiually and the SESSIONS seem to be causing problems with some of the other pages on the sites.
Thanks again,
Stressed
