Projects / mod_auth_pubtkt


mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Operating Systems

Recent releases

  •  28 Jun 2012 09:21

    Release Notes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.

    •  04 Jun 2012 12:35

      Release Notes: The public key can be set per directory instead of only globally. The login URL is now optional, and a new TKTAuthBadIPURL option has been added. Furthermore, the module now compiles with Apache 2.4 and includes a Perl ticket generation module.

      •  30 Nov 2009 21:16

        Release Notes: This release fixes inheritance of the TKTAuthCookieName and TKTAuthBackArgName configuration directives. It improves compatibility with HTTP 1.0 (redirect). It adds an RPM spec file and sample config to the distribution.

        •  24 Mar 2009 08:24

          Release Notes: This release adds automatic ticket refreshing support, fixes a bug with username logging when PHP is installed, and corrects a problem with escaped spaces in ticket cookies.

          •  03 May 2008 20:38

            No changes have been submitted for this release.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.