mod_idcheck is an Apache authorization software that relies on cookies for authentication.
Here's how it works: when a user first connects to an untrusted webserver, the server will redirect them to the idcheck server for authentication. The idcheck server checks the user's credentials and, if successful, redirects the user's browser back to the page they requested. As it redirects, the server installs a private cookie (scoped only for the idcheck webserver) and a second cookie that acts as a session cookie for the untrusted webserver (which is checked for validity, over HTTP, against the idcheck server) when downloading subsequent pages.
The best part is that when the user accesses another webserver that also has idcheck restricted pages, they don't need to enter their credentials again - thanks to the private idcheck cookie, the user has already authenticated and can bypass the login form. This provides a single sign-on environment for multiple webservers in a single domain.
But that's not all - mod_idcheck also provides detailed, filtered data about the user to other webservers so that they can make fine-grained access decisions. With idcheck and a suitable authentication source (e.g. an LDAP server), it's possible to restrict certain areas of websites to individuals or groups of individuals (e.g. those in the same department).
This package comes with an impressive array of components, including a server implementation written in mod_perl2, a C module for apache2 (mod_idcheck.so) known to build under Linux/Solaris and Netware, PHP and mod_perl example implementations, and even a contributed PAM module that is useful when a web service uses a backend system (like an IMAP server or database) that requires the user to authenticate as themselves.
All in all, mod_idcheck is an excellent cookie-based web authentication and single sign-on system that can be a real lifesaver for those dealing with trust issues on large intranets.
Version 2.0.15: N/A