A client of mine is taking the proactive approach of packaging all of their software using PEAR and distributing it via a custom PEAR channel. I can’t recommend this enough for people that are distributing their PHP code to a number of clients/users.
The problem is that, by default, PEAR channels are consumable by anyone with an internet connection. I sent an email to Greg asking him if there was a way to restrict this and how to go about doing it. As it turns out it’s not only available, but detailed in the free excerpt from his new book The PEAR Installer Manifesto.
There are a number of ways to restrict access. The more complicated approach involves coding a script that handles the authentication and then restricts packages on a per client basis. This is a great way to say client X can install packages A, C and F, while client Y can only install packages B and D.
The route I ended up taking involved simply setting up HTTP-Auth using and
.htpasswd file. Once you have that set up and working you can log in with the following commands.
$ pear -d "pear.mychannel.com" login
Follow the instructions by entering your username and password and you should see a confirmation that you’re logged in. After that you’re allowed to download and install.