From owner-freebsd-questions@FreeBSD.ORG  Thu Sep 23 10:53:47 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C68616A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Sep 2004 10:53:47 +0000 (GMT)
Received: from smtp.nildram.co.uk (smtp.nildram.co.uk [195.112.4.54])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8959B43D49
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Sep 2004 10:53:42 +0000 (GMT)
	(envelope-from andyh@hhbb.co.uk)
Received: from [10.0.0.78] (hedgie1.gotadsl.co.uk [82.133.95.107])
	by smtp.nildram.co.uk (Postfix) with ESMTP id 48AE224F00A
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Sep 2004 11:53:39 +0100 (BST)
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: <D46B23FA-0D4E-11D9-AE37-000D93511A6A@hhbb.co.uk>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: freebsd-questions@freebsd.org
From: Andy Holyer <andyh@hhbb.co.uk>
Date: Thu, 23 Sep 2004 11:53:40 +0100
X-Mailer: Apple Mail (2.619)
Subject: Advice: "The Right" authentication method
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Sep 2004 10:53:47 -0000

I'm working on writing the "Control Panel" scripts which subscribers to 
our ISP will use to set up their eMail accounts and web space.

Here's the Server spec:

FreeBSD-Current;
Perl 5.6.1, no problem installing any needed modules;
Apache 2;
I'm keeping ordinary customers off the machine, so I run Postfix and 
Cyus and use sasl2 for customer passwords. I'd like to use these ID to 
arrange access to the control panel system.

I'm stuck at the very start of my design process. I have two tasks to 
do:

Verify that users have supplied the correct password; and let the perl 
scripts know who that visitor is, so that we can select the correct 
accounts to show.

Do I use SASL directly? or LDAP? or do I implement an Apache module to 
handle access and let Apache do the work?

I want to do "The right thing" - that is, the most general and correct 
thing possible, I've got years of experience in perl scripting, but at 
the moment I wandering around in a twisty litte maze of standards, all 
different.

Clue, please?

Thanks in advance for any advice.

---
Andy Holyer, Systems Administrator
Hedgehog Broadband, 11 Marlborough Place Brighton BN1 1UB
08451 260895 x 241