CHAPTER 11 – Important PEAR Packages – AUTHENTICATION

PEAR Auth is an abstracted authentication layer, with "containers" for inter- facing with various authentication systems. It supports regular password files, databases accessed through DB or MDB, as well as IMAP, POP3, LDAP, RADIUS, SOAP, and Samba (Windows domain) logons.

Overview The Auth package uses a POST request for passing usernames and passwords. The username and password are checked in a container object that imple- ments the interface with the authentication back-end (such as a password file, a MySQL database, or an LDAP server). When login succeeds, Auth uses ses- sions to keep track of the user. In practice, the PHP session works as an authentication ticket, which is a single piece of information that gives login access for a limited amount of time. Using sessions to track the user has the advantage that the authentica- tion check, which may be expensive for some back-ends, is done once for the session rather than once per HTTP request. The Auth package also provides mechanisms for expiring a session after a set time from login, or after a set idle time. Your application may store addition data along with the Auth data; you will see an example of this later.