Inspired by Kyle, I set up a Mozilla Weave server. (Link goes to directions, not my Weave server, since there’s absolutely nothing to link to or show about it…)
A quick bit of advice: Weave has a “password” (which is used to authenticate with the server) and a “passphrase” (which goes to the public/private key that’s generated). Not only is it important to understand which is which, but you also have to know that they can’t be the same.
A second bit of advice, to save you from pulling your hair out: “invalid password” seems to be its catch-all error message. Apache wasn’t able to create the directories Weave wanted due to a permissions error on my end at first, but I kept assuming Weave’s message about a bad password meant that… my password was wrong. But in actuality, it meant that I had to have Apache’s web user own the directory. (Which, in hindsight, makes sense…)
It’s currently highly beta, in that I just set it up and have no idea if it works… But if you’re interested in an account, let me know!
I think I need to do more work, actually, if this is going to be multi-user… The way it’s set up basically requires that you be a valid user (as I configure), but if you are, it seems to give you carte blanche in the main ‘weave’ folder, meaning that you could theoretically access other users’ data.
I’d also like to play with authentication, and see if I can’t make it database-driven. I think a lot of this could become automated and make things much easier.
Argh! It seems that there _was_ a “mod_auth_mysql” a few years ago, that would allow Apache to use MySQL for synchronization. But it didn’t release any updates in 3-4 years time, and seems to have been dropped from Debian’s packages.
There do exist authentication methods for just about anything else on the planet, though:
libapache-mod-auth-curdir – Apache modules which provide a passwd file in the current directory
libapache-mod-auth-kerb – apache module for Kerberos authentication
libapache-mod-auth-pam – Apache 1 module to authenticate web access using PAM
libapache-mod-auth-pgsql – Apache module for PostgreSQL authentication
libapache-mod-auth-plain – Module for Apache which provides plaintext authentication
libapache-mod-auth-radius – Apache module for RADIUS authentication
libapache-mod-auth-shadow – An Apache module for authentication using /etc/shadow
libapache-mod-auth-useragent – blocks parts of service for certain user agents
libapache-mod-ldap – Apache authentication via LDAP directory
libapache2-mod-auth-kerb – apache2 module for Kerberos authentication
libapache2-mod-auth-pam – module for Apache2 which authenticate using PAM
libapache2-mod-auth-pgsql – Module for Apache2 which provides pgsql authentication
libapache2-mod-auth-plain – Module for Apache2 which provides plaintext authentication
libapache2-mod-auth-sys-group – Module for Apache2 which checks user against system group
I could probably do this in a convoluted way, like using Kerberos or LDAP with a MySQL backend… But I don’t think it’s worth the hassle. The whole point was to make this _easier_ to use.
Oh! I just need to put the .htaccess file in each user’s directory and restrict it to just them! Not sure how I didn’t catch that.
This is easier than I thought. (Though I still want MySQL authentication!)