Auth/Auth.pm view on Meta::CPAN
# Form fields posted by the browser; all three values are client-controlled.
my $passcode = $req->param('passcode');
my $type = $req->param('type');
# 'a' carries the originally requested URI. The protecting handler sends it
# hex-encrypted, but nothing in these lines checks that it still is.
my $uri = $req->param('a');
# get ace_initd config directives
my $ace_initd_server = $r->dir_config("ace_initd_server") || "localhost";
my $ace_initd_port = $r->dir_config("ace_initd_port") || 1969;
# grab apache session cookie
# NOTE(review): the cookie name is the literal "Apache" and the pattern is
# unanchored, so any cookie whose name ends in "Apache" also matches. The
# AuthApacheCookie setting described in the POD is not read in these lines.
my ($session_id) =
( ( $r->headers_in->{"Cookie"} || "" ) =~ /Apache=([^;]+)/ );
# UDP socket to the ACE request daemon.
# NOTE(review): the constructor result is not checked in the lines shown;
# IO::Socket::INET->new returns undef on failure -- confirm that case is
# handled before $client is used.
my $client = IO::Socket::INET->new(
PeerAddr => $ace_initd_server,
PeerPort => $ace_initd_port,
Proto => 'udp'
);
my %ACE;
my $request;
my $message;
Auth/Auth.pm view on Meta::CPAN
# Extra form fields for the follow-up prompt: a passcode box plus hidden
# fields carrying the transaction type and the 'a' value.
# NOTE(review): $uri is interpolated into the value="" attribute without HTML
# escaping. If it is still the raw request parameter 'a' at this point (TODO
# confirm against the full file), it should be HTML-escaped or restricted to
# hex digits before being written into the page.
my $extra_input = qq{
<label for="passcode">Passcode :</label>
<input type="password" name="passcode" id="passcode"/>
<input type="hidden" name="type" value="check"/>
<input type="hidden" name="a" value="$uri"/>
};
# Current time; it is placed inside the encrypted cookie on success.
my $time = time();
if ( $result == 0 ) {
# Cookie names come from the directory config, with built-in defaults.
my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
my $auth_user_cookie = $r->dir_config("AuthUserCookie")
|| "SecurID_User";
# Authentication token: "<time() value>:<username>", encrypted and hex-encoded.
my $crypt_cookie = $crypt->encrypt_hex("$time:$username");
# NOTE(review): both cookies are issued with only a path attribute (the
# literal "/"); no Secure or HttpOnly attribute is set, and $username is
# written into the header value as-is. AuthCookiePath is not read here.
$r->headers_out->add( "Set-Cookie" => $auth_user_cookie . "="
. $username
. "; path="
. "/" );
$r->headers_out->add( "Set-Cookie" => $auth_cookie . "="
. $crypt_cookie
. "; path="
. "/" );
# Recover the originally requested URI from the encrypted 'a' parameter.
# NOTE(review): the result is used after this point (not shown in this
# excerpt); confirm it is validated as a local path before it is used as a
# redirect target.
$uri = $crypt->decrypt_hex($uri);
# success
$message = qq{
<span style="font-weight: bold;">User Authenticated</span>
<script language="javascript">
Auth/Auth.pm view on Meta::CPAN
=head1 SYNOPSIS
# Configuration in httpd.conf
<Location /path/of/authentication/handler>
SetHandler perl-script
PerlHandler Apache2::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
PerlSetVar ace_initd_server name.of.ace.handler.server.com
PerlSetVar ace_initd_port 1969
</Location>
=head1 DESCRIPTION
This module allows authentication against a SecurID server. A request
is redirected to this handler if the authentication cookie does not
exist or is no longer valid. The handler will prompt for username and
passcode. It will then construct and encrypt a UDP packet and send it to
the Ace request daemon. This is necessary since libsdiclient.a needs to
persist for NEXT TOKEN MODE and SET PIN MODE. If the authentication is
valid an encrypted Authentication Cookie is set and the request is redirected
to the originating URI. If the user needs to enter NEXT TOKEN or set their
PIN they will be prompted to do so and if valid the request is then redirected
to the originating URI.
=head1 LIST OF TOKENS
=item *
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to F<my secret> if this variable is not set. Because that
default is published here, always set a private, hard-to-guess key.
=item *
AuthCookie
The name of the cookie to be set for the authentication token.
It defaults to F<SecurID> if this variable is not set.
=item *
AuthUserCookie
The name of the cookie that contains the person's username in plain text.
This is checked against the contents of the encrypted cookie to verify the
user. The cookie is set so that other applications can identify authorized
users. On its own it is not proof of authentication, since a client can set
it to any value; it is only meaningful together with a valid encrypted
cookie. It defaults to F<SecurID_User> if this variable is not set.
=item *
AuthCookiePath
The path of the cookie to be set for the authentication token.
It defaults to F</> if this variable is not set.
=item *
AuthApacheCookie
The name of the mod_usertrack cookie. The mod_usertrack module must be
compiled and enabled in order to track user sessions. This is set by the
CookieName directive in httpd.conf. It defaults to F<Apache> if this variable
is not set.
=item *
ace_initd_server
The name of the server running the ACE request daemon. This daemon is the
actual process that communicates with the ACE Server. If the user is in
NEXT TOKEN MODE due to repeated failures or SET PIN MODE the Authen::ACE
object must persist beyond the initial request. A request packet is
constructed with a random number, type of transaction, username, passcode
Auth/RCS/Auth.pm,v view on Meta::CPAN
my $passcode = $req->param('passcode');
my $type = $req->param('type');
my $uri = $req->param('a');
# get ace_initd config directives
my $ace_initd_server = $r->dir_config("ace_initd_server") || "localhost";
my $ace_initd_port = $r->dir_config("ace_initd_port") || 1969;
# grab apache session cookie
my ($session_id) =
( ( $r->headers_in->{"Cookie"} || "" ) =~ /Apache=([^;]+)/ );
my $client = IO::Socket::INET->new(
PeerAddr => $ace_initd_server,
PeerPort => $ace_initd_port,
Proto => 'udp'
);
my %ACE;
my $request;
my $message;
Auth/RCS/Auth.pm,v view on Meta::CPAN
my $extra_input = qq{
<label for="passcode">Passcode :</label>
<input type="password" name="passcode" id="passcode"/>
<input type="hidden" name="type" value="check"/>
<input type="hidden" name="a" value="$uri"/>
};
my $time = time();
if ( $result == 0 ) {
my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
my $auth_user_cookie = $r->dir_config("AuthUserCookie")
|| "SecurID_User";
my $crypt_cookie = $crypt->encrypt_hex("$time:$username");
$r->headers_out->add( "Set-Cookie" => $auth_user_cookie . "="
. $username
. "; path="
. "/" );
$r->headers_out->add( "Set-Cookie" => $auth_cookie . "="
. $crypt_cookie
. "; path="
. "/" );
$uri = $crypt->decrypt_hex($uri);
# success
$message = qq{
<span style="font-weight: bold;">User Authenticated</span>
<script language="javascript">
Auth/RCS/Auth.pm,v view on Meta::CPAN
=head1 SYNOPSIS
# Configuration in httpd.conf
<Location /path/of/authentication/handler>
SetHandler perl-script
PerlHandler Apache2::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
PerlSetVar ace_initd_server name.of.ace.handler.server.com
PerlSetVar ace_initd_port 1969
</Location>
=head1 DESCRIPTION
This module allows authentication against a SecurID server. A request
is redirected to this handler if the authentication cookie does not
exist or is no longer valid. The handler will prompt for username and
passcode. It will then construct and encrypt a UDP packet and send it to
the Ace request daemon. This is necessary since libsdiclient.a needs to
persist for NEXT TOKEN MODE and SET PIN MODE. If the authentication is
valid an encrypted Authentication Cookie is set and the request is redirected
to the originating URI. If the user needs to enter NEXT TOKEN or set their
PIN they will be prompted to do so and if valid the request is then redirected
to the originating URI.
=head1 LIST OF TOKENS
=item *
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to F<my secret> if this variable is not set.
=item *
AuthCookie
The name of the of cookie to be set for the authentication token.
It defaults to F<SecurID> if this variable is not set.
=item *
AuthUserCookie
The name of the of cookie that contains the value of the persons username
in plain text. This is checked against the contents of the encrypted cookie
to verify user. The cookie is set of other applications can identify
authorized users. It defaults to F<SecurID_User> if this variable is not set.
=item *
AuthCookiePath
The path of the of cookie to be set for the authentication token.
It defaults to F</> if this variable is not set.
=item *
AuthApacheCookie
The name of the mod_usertrack cookie. The mod_usertrack module must be
compile and enabled in order to track user sessions. This is set by the
CookieName directive in httpd.conf. It defaults to F<Apache> if this variable
is not set.
=item *
ace_initd_server
The name of the server running the ACE request daemon. This daemon is the
actual process that communicates with the ACE Server. If the user is in
NEXT TOKEN MODE due to repeated failures or SET PIN MODE the Authen::ACE
object must persist beyond the initial request. A request packet is
constructed with a random number, type of transaction, username, passcode
Auth/RCS/Auth.pm,v view on Meta::CPAN
my $username = $params {'username'};
my $passcode = $params{'passcode'};
my $type = $params{'type'};
my $uri = $params{'a'};
# get ace_initd config directives
my $ace_initd_server = $r->dir_config("ace_initd_server") || "localhost";
my $ace_initd_port = $r->dir_config("ace_initd_port") || 1969;
# grab apache session cookie
my ( $session_id ) = ( ($r->header_in("Cookie") || "") =~
/Apache=([^;]+)/);
my $client = IO::Socket::INET->new ( PeerAddr => $ace_initd_server,
PeerPort => $ace_initd_port,
Proto => 'udp' );
my %ACE;
my $request;
my $message;
my $extra_input;
Auth/RCS/Auth.pm,v view on Meta::CPAN
d252 107
a358 238
my ( $result, $info, $r, $crypt, $params,$username ) = @@_;
my $message;
my $extra_input;
my $uri = $$params{'a'};
my $time = time ();
if ( $result == 0 ) {
my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
my $auth_user_cookie = $r->dir_config("AuthUserCookie") || "SecurID_User";
my $crypt_cookie = $crypt->encrypt_hex ( "$time:$username" );
$r->headers_out->add("Set-Cookie" => $auth_user_cookie . "=" .
$username . "; path=" . "/");
$r->headers_out->add("Set-Cookie" => $auth_cookie . "=" .
$crypt_cookie . "; path=" . "/");
$uri = $crypt->decrypt_hex ( $uri );
# success
$message = qq{
<b>User Authenticated</b><p>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
window.location="$uri";
Auth/RCS/Auth.pm,v view on Meta::CPAN
d276 1
a276 1
my ($message,$extra_input)=Ace_Result($result,\%info,$r,$crypt,$params);
d284 1
a284 1
my ( $result, $info, $r, $crypt, $params ) = @@_;
d288 1
d293 5
a297 2
my $crypt_cookie = $crypt->encrypt_hex ( "hello:hello" );
$r->err_header_out("Set-Cookie" => $auth_cookie . "=" .
d529 137
@
1.3
log
@*** empty log message ***
@
text
@d1 1
AuthenSecurID.pm view on Meta::CPAN
# $Id: AuthenSecurID.pm,v 1.7 2007/12/08 03:20:58 atobey Exp $
package Apache2::AuthenSecurID;
use strict;
use Apache2::Const qw(OK AUTH_REQUIRED DECLINED REDIRECT SERVER_ERROR);
use Apache2::RequestUtil ();
use Apache2::RequestRec ();
use Apache2::Cookie;
use Crypt::CBC;
use CGI::Carp;
use vars qw($VERSION);
$VERSION = '0.5';
sub handler {
my $r = shift;
# get configuration directives
my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
my $auth_user_cookie = $r->dir_config("AuthUserCookie")||"SecurID_User";
# NOTE(review): when AuthCryptKey is unset the key is the published default
# "my secret", so the cookie is only as private as that string; deployments
# should always set their own random key.
my $crypt_key = $r->dir_config("AuthCryptKey") || "my secret";
# Cookie lifetime; the POD documents the unit as minutes.
my $cookie_timeout = $r->dir_config("AuthCookieTimeOut") || 30;
my $cookie_path = $r->dir_config("AuthCookiePath") || "/";
# URL of the login handler that unauthenticated requests are sent to.
my $auth_handler = $r->dir_config("Auth_Handler") || "/ace_init";
# get cookies
# NOTE(review): the configured cookie names are interpolated into the
# patterns unquoted and unanchored, so regex metacharacters in a name are
# interpreted and a cookie whose name merely ends with the configured name
# also matches.
my ( $session_key ) = ( ($r->headers_in->{Cookie} || "") =~
/${auth_cookie}=([^;]+)/);
my ( $session_user ) = ( ($r->headers_in->{Cookie} || "") =~
/${auth_user_cookie}=([^;]+)/);
my $username;
my $session_time;
# decrypt cookie
# NOTE(review): if the constructor ever returned a false value, "|| warn"
# would leave warn's return value in $cipher instead of a cipher object.
# Encryption gives confidentiality only; nothing shown here authenticates
# the ciphertext (no MAC is visible) -- TODO confirm against the full file.
my $cipher = new Crypt::CBC($crypt_key,"Blowfish") || warn ( $! );
if ( $session_key ) {
my $plaintext_cookie = $cipher->decrypt_hex($session_key);
AuthenSecurID.pm view on Meta::CPAN
# Oldest timestamp still accepted: now minus AuthCookieTimeOut minutes.
my $timeout = $time - 60 * $cookie_timeout;
my $uri = $r->uri;
# check cookie
# Accept only if a token cookie was sent, $username equals the plaintext user
# cookie, and $session_time is inside the window. $username and $session_time
# are set in lines not shown here, presumably from the decrypted token.
if ( $session_key && $username eq $session_user &&
$timeout <= $session_time ) {
$r->no_cache(1);
$r->err_headers_out->add("Pragma" => "no-cache" );
#reset timestamp
# Sliding expiry: a fresh token is issued on every accepted request.
# NOTE(review): the cookie carries only a path attribute; no Secure or
# HttpOnly attribute is set.
my $crypt_cookie = $cipher->encrypt_hex ("$time:$username");
$r->err_headers_out->add("Set-Cookie" => $auth_cookie . "=" .
$crypt_cookie . "; path=" . $cookie_path );
return OK;
} else {
# redirect to authentication handler
# The requested URI is hex-encrypted and handed over as the 'a' query
# parameter; this inner $uri shadows the one declared above.
my $uri = $cipher->encrypt_hex ( $uri );
$r->no_cache(1);
$r->err_headers_out->add("Pragma" => "no-cache");
$r->headers_out->add("Location" => "$auth_handler?a=" . $uri );
return REDIRECT;
}
AuthenSecurID.pm view on Meta::CPAN
PerlModule Apache2::AuthenSecurID
<Location /secure/directory>
AuthName SecurID
AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
require valid-user
</Location>
=head1 DESCRIPTION
This module allows authentication against a SecurID server. It
detects whether a user has a valid encrypted cookie containing their
username and last activity time stamp. If the cookie is valid the module
AuthenSecurID.pm view on Meta::CPAN
=head1 LIST OF TOKENS
=item *
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to F<my secret> if this variable is not set. Because that
default is published here, always set a private, hard-to-guess key.
=item *
AuthCookie
The name of the cookie to be set for the authentication token.
It defaults to F<SecurID> if this variable is not set.
=item *
AuthUserCookie
The name of the cookie that contains the person's username in plain text.
This is checked against the contents of the encrypted cookie to verify the
user. The cookie is set so that other applications can identify authorized
users. On its own it is not proof of authentication, since a client can set
it to any value; it is only meaningful together with a valid encrypted
cookie. It defaults to F<SecurID_User> if this variable is not set.
=item *
AuthCookiePath
The path of the cookie to be set for the authentication token.
It defaults to F</> if this variable is not set.
=item *
AuthCookieTimeOut
The time in minutes a cookie is valid for. It is not recommended to set it
below 5. It defaults to F<30> if this variable is not set.
=item *
Auth_Handler
The path of the authentication handler. This is the URL to which requests
with an invalid cookie are redirected. The handler will prompt for username
and passcode. It does the actual authentication and sets the initial
RCS/AuthenSecurID.pm,v view on Meta::CPAN
@
text
@# $Id: AuthenSecurID.pm,v 1.6 2002/07/31 16:43:44 Administrator Exp $
package Apache2::AuthenSecurID;
use strict;
use Apache2::Const qw(OK AUTH_REQUIRED DECLINED REDIRECT SERVER_ERROR);
use Apache2::RequestUtil ();
use Apache2::RequestRec ();
use Apache2::Cookie;
use Crypt::CBC;
use CGI::Carp;
use vars qw($VERSION);
$VERSION = '0.5';
sub handler {
my $r = shift;
# get configuration directives
my $auth_cookie = $r->dir_config("AuthCookie") || "SecurID";
my $auth_user_cookie = $r->dir_config("AuthUserCookie")||"SecurID_User";
my $crypt_key = $r->dir_config("AuthCryptKey") || "my secret";
my $cookie_timeout = $r->dir_config("AuthCookieTimeOut") || 30;
my $cookie_path = $r->dir_config("AuthCookiePath") || "/";
my $auth_handler = $r->dir_config("Auth_Handler") || "/ace_init";
# get cookies
my ( $session_key ) = ( ($r->headers_in->{Cookie} || "") =~
/${auth_cookie}=([^;]+)/);
my ( $session_user ) = ( ($r->headers_in->{Cookie} || "") =~
/${auth_user_cookie}=([^;]+)/);
my $username;
my $session_time;
# decrypt cookie
my $cipher = new Crypt::CBC($crypt_key,"Blowfish") || warn ( $! );
if ( $session_key ) {
my $plaintext_cookie = $cipher->decrypt_hex($session_key);
RCS/AuthenSecurID.pm,v view on Meta::CPAN
my $timeout = $time - 60 * $cookie_timeout;
my $uri = $r->uri;
# check cookie
if ( $session_key && $username eq $session_user &&
$timeout <= $session_time ) {
$r->no_cache(1);
$r->err_headers_out->add("Pragma" => "no-cache" );
#reset timestamp
my $crypt_cookie = $cipher->encrypt_hex ("$time:$username");
$r->err_headers_out->add("Set-Cookie" => $auth_cookie . "=" .
$crypt_cookie . "; path=" . $cookie_path );
return OK;
} else {
# redirect to authentication handler
my $uri = $cipher->encrypt_hex ( $uri );
$r->no_cache(1);
$r->err_headers_out->add("Pragma" => "no-cache");
$r->headers_out->add("Location" => "$auth_handler?a=" . $uri );
return REDIRECT;
}
RCS/AuthenSecurID.pm,v view on Meta::CPAN
PerlModule Apache2::AuthenSecurID
<Location /secure/directory>
AuthName SecurID
AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
require valid-user
</Location>
=head1 DESCRIPTION
This module allows authentication against a SecurID server. It
detects whether a user has a valid encrypted cookie containing their
username and last activity time stamp. If the cookie is valid the module
RCS/AuthenSecurID.pm,v view on Meta::CPAN
=head1 LIST OF TOKENS
=item *
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to F<my secret> if this variable is not set.
=item *
AuthCookie
The name of the of cookie to be set for the authentication token.
It defaults to F<SecurID> if this variable is not set.
=item *
AuthUserCookie
The name of the of cookie that contains the value of the persons username
in plain text. This is checked against the contents of the encrypted cookie
to verify user. The cookie is set of other applications can identify
authorized users. It defaults to F<SecurID_User> if this variable is not set.
=item *
AuthCookiePath
The path of the of cookie to be set for the authentication token.
It defaults to F</> if this variable is not set.
=item *
AuthCookieTimeOut
The time in minute a cookie is valid for. It is not recommended to set
below 5. It defaults to F<30> if this variable is not set.
=item *
Auth_Handler
The path of authentication handler. This is the URL which request with
invalid cookie are redirected to. The handler will prompt for username
and passcode. It does the actual authentication and sets the initial
RCS/AuthenSecurID.pm,v view on Meta::CPAN
# $Id: AuthenSecurID.pm,v 1.5 2002/07/30 20:15:39 Administrator Exp $
d3 1
a3 1
package Apache::AuthenSecurID;
d6 4
a9 5
use Apache ();
use Apache::Registry;
use Apache::Log;
use Apache::Constants qw(OK AUTH_REQUIRED DECLINED REDIRECT SERVER_ERROR);
use Apache::Cookie;
d14 1
a14 1
$VERSION = '0.4';
d32 1
a32 1
my ( $session_key ) = ( ($r->header_in("Cookie") || "") =~
d34 1
a34 1
my ( $session_user ) = ( ($r->header_in("Cookie") || "") =~
d66 2
a67 2
$r->err_header_out("Pragma" => "no-cache");
$r->header_out("Location" => "$auth_handler?a=" . $uri );
d78 1
a78 1
Apache::AuthenSecurID - Authentication via a SecurID server
d84 1
a84 1
PerlModule Apache::AuthenSecurID
RCS/AuthenSecurID.pm,v view on Meta::CPAN
1.4
log
@documentation
@
text
@d1 1
a1 1
# $Id: AuthenSecurID.pm,v 1.3 2001/06/21 14:50:24 root Exp root $
d96 1
a96 1
PerlSetVar AuthCookieHandler /path/of/authentication/handler
d146 1
a146 1
AuthCookieHandler
@
1.3
log
@many fixes
@
text
@d1 1
a1 1
RCS/AuthenSecurID.pm,v view on Meta::CPAN
d14 1
a14 1
$VERSION = '0.3';
a26 3
my($res,$pass) = $r->get_basic_auth_pw;
$r->log_reason("$res $pass", $r->uri);
$log->debug("$res $pass");
a27 3
return $res if $res != OK;
# Handle Cookie
a28 4
$log->debug("$auth_cookie");
my $cookie_path = $r->dir_config("AuthCookiePath") || "/";
$log->debug("$cookie_path");
a30 1
$log->debug("$crypt_key");
d33 2
a34 1
$log->debug("$cookie_timeout");
a39 1
my $user = $r->connection->user;
d54 1
a54 11
if ( $session_key
&& $user eq $username
&& ($session_time+($cookie_timeout * 60) >= $time) ) {
# OK set cookie
# my $auth_cookie = $cipher->encrypt_hex ( "$user:$time" );
# $r->err_header_out("Set-Cookie" => $auth_cookie . "=" .
# $auth_cookie . "; path=" . $cookie_path);
# $r->no_cache(1);
# $r->err_header_out("Pragma", "no-cache");
# $r->header_out("Location" => $r->uri);
a55 51
}
# SecurID Config Directory
my $VAR_ACE = $r->dir_config("Auth_SecurID_VAR_ACE") || "/var/ace";
RCS/AuthenSecurID.pm,v view on Meta::CPAN
."init",$r->uri);
return SERVER_ERROR;
}
# Do the actual check.
my ( $result, $info ) = $ace->Check ( $pass, $user );
if ($result == ACM_OK) {
$r->log_reason("Apache::AuthenSecurID succeed auth user"
. "$user" ,$r->uri);
my $auth_cookie = $cipher->encrypt_hex ( "$user:$time" );
$r->err_header_out("Set-Cookie" => $auth_cookie . "=" .
$auth_cookie . "; path=" . $cookie_path);
$r->no_cache(1);
$r->err_header_out("Pragma", "no-cache");
$r->header_out("Location" => $r->uri);
return OK;
#return REDIRECT;
d57 4
a60 4
$r->log_reason("Apache::AuthenSecurID failed for user $user $res $VAR_ACE",
$r->uri);
RCS/README,v view on Meta::CPAN
SYNOPSIS
# Configuration in httpd.conf or access.conf
PerlModule Apache2::AuthenSecurID
<Location /secure/directory> AuthName SecurID AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
require valid-user
</Location>
DESCRIPTION
This module allows authentication against a SecurID server. It detects
whether a user has a valid encrypted cookie containing their username
and last activity time stamp. If the cookie is valid the module will
change the activity timestamp to the present time, encrypt and send the
cookie. If the cookie is not valid the module will redirect to the
authentication handler to prompt for username and passcode.
LIST OF TOKENS
* AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to my secret if this variable is not set.
* AuthCookie
The name of the of cookie to be set for the authentication token. It
defaults to SecurID if this variable is not set.
* AuthUserCookie
The name of the of cookie that contains the value of the persons
username in plain text. This is checked against the contents of the
encrypted cookie to verify user. The cookie is set of other applications
can identify authorized users. It defaults to SecurID_User if this
variable is not set.
* AuthCookiePath
The path of the of cookie to be set for the authentication token. It
defaults to / if this variable is not set.
* AuthCookieTimeOut
The time in minute a cookie is valid for. It is not recommended to set
below 5. It defaults to 30 if this variable is not set.
* Auth_Handler
The path of authentication handler. This is the URL which request with
invalid cookie are redirected to. The handler will prompt for username
and passcode. It does the actual authentication and sets the initial
cookie. This mechanism is used instead of get_basic_auth_pw because
get_basic_auth_pw will do multiple authentication attempt on pages that
contain frames. The ACE server will deny simultaneous authentication
RCS/README,v view on Meta::CPAN
Apache2::AuthenSecurID::Auth - Authentication handler for
Apache2::AuthenSecurID
SYNOPSIS
# Configuration in httpd.conf
<Location /path/of/authentication/handler> SetHandler perl-script
PerlHandler Apache2::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
PerlSetVar ace_initd_server name.of.ace.handler.server.com
PerlSetVar ace_initd_port 1969
</Location>
DESCRIPTION
This module allows authentication against a SecurID server. A request is
redirected to this handler if the authentication cookie does not exist
or is no longer valid. The handler will prompt for username and
passcode. It will then construct and encrypt a UDP packet and send it to
the Ace request daemon. This is necessary since libsdiclient.a needs to
persist for NEXT TOKEN MODE and SET PIN MODE. If the authentication is
valid an encrypted Authentication Cookie is set and the request is
redirected to the originating URI. If the user needs to enter NEXT TOKEN
or set their PIN they will be prompted to do so and if valid the request
is then redirected to the originating URI.
LIST OF TOKENS
* AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to my secret if this variable is not set.
* AuthCookie
The name of the of cookie to be set for the authentication token. It
defaults to SecurID if this variable is not set.
* AuthUserCookie
The name of the of cookie that contains the value of the persons
username in plain text. This is checked against the contents of the
encrypted cookie to verify user. The cookie is set of other applications
can identify authorized users. It defaults to SecurID_User if this
variable is not set.
* AuthCookiePath
The path of the of cookie to be set for the authentication token. It
defaults to / if this variable is not set.
* AuthApacheCookie
The name of the mod_usertrack cookie. The mod_usertrack module must be
compile and enabled in order to track user sessions. This is set by the
CookieName directive in httpd.conf. It defaults to Apache if this
variable is not set.
* ace_initd_server
The name of the server running the ACE request daemon. This daemon is
the actual process that communicates with the ACE Server. If the user is
in NEXT TOKEN MODE due to repeated failures or SET PIN MODE the
Authen::ACE object must persist beyond the initial request. A request
packet is constructed with a random number, type of transaction,
username, passcode and session identifier. The request packet is then
encrypted using Blowfish and sent to the ACE request daemon. The ACE
RCS/README,v view on Meta::CPAN
PerlModule Apache::AuthenSecurID
<Location /secure/directory>
AuthName SecurID
AuthType Basic
PerlAuthenHandler Apache::AuthenSecurID
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
d34 6
a39 2
require valid-user
</Location>
d41 2
d45 6
a50 8
This module allows authentication against a SecurID
server. It detects whether a user has a valid encrypted
RCS/README,v view on Meta::CPAN
the cookie. If the cookie is not valid the module will
redirect to the authentication handler to prompt for
username and passcode.
d53 33
a85 44
o AuthCryptKey
The Blowfish key used to encrypt and decrypt the
authentication cookie. It defaults to my secret if
this variable is not set.
o AuthCookie
The name of the of cookie to be set for the
authentication token. It defaults to SecurID if
this variable is not set.
o AuthUserCookie
The name of the of cookie that contains the value
of the persons username in plain text. This is
checked against the contents of the encrypted
cookie to verify user. The cookie is set of other
applications can identify authorized users. It
defaults to SecurID_User if this variable is not
set.
o AuthCookiePath
The path of the of cookie to be set for the
authentication token. It defaults to / if this
variable is not set.
o AuthCookieTimeOut
The time in minute a cookie is valid for. It is
not recommended to set below 5. It defaults to 30
if this variable is not set.
o Auth_Handler
The path of authentication handler. This is the
URL which request with invalid cookie are
redirected to. The handler will prompt for
username and passcode. It does the actual
authentication and sets the initial cookie. This
RCS/README,v view on Meta::CPAN
d119 1
a119 1
# Configuration in httpd.conf
d121 2
a122 12
<Location /path/of/authentication/handler>
SetHandler perl-script
PerlHandler Apache::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
PerlSetVar ace_initd_server name.of.ace.handler.server.com
PerlSetVar ace_initd_port 1969
</Location>
d124 8
d134 10
a143 13
This module allows authentication against a SecurID
server. A request is redirected to this handler if the
authentication cookie does not exist or is no longer
valid. The handler will prompt for username and passcode.
It will then construct and encrypt a UDP packet and send
it to the Ace request daemon. This is necessary since
libsdiclient.a needs to persist for NEXT TOKEN MODE and
SET PIN MODE. If the authentication is valid an encrypted
Authentication Cookie is set and the request is redirected
to the originating URI. If the user needs to enter NEXT
TOKEN or set their PIN they will be prompted to do so and
if valid the request is then redirected to the originating
URI.
d146 41
a186 53
o AuthCryptKey
The Blowfish key used to encrypt and decrypt the
authentication cookie. It defaults to my secret if
this variable is not set.
o AuthCookie
The name of the of cookie to be set for the
authentication token. It defaults to SecurID if
this variable is not set.
o AuthUserCookie
The name of the of cookie that contains the value
of the persons username in plain text. This is
checked against the contents of the encrypted
cookie to verify user. The cookie is set of other
applications can identify authorized users. It
defaults to SecurID_User if this variable is not
set.
o AuthCookiePath
The path of the of cookie to be set for the
authentication token. It defaults to / if this
variable is not set.
o AuthApacheCookie
The name of the mod_usertrack cookie. The
mod_usertrack module must be compile and enabled in
order to track user sessions. This is set by the
CookieName directive in httpd.conf. It defaults to
Apache if this variable is not set.
o ace_initd_server
The name of the server running the ACE request
daemon. This daemon is the actual process that
communicates with the ACE Server. If the user is
in NEXT TOKEN MODE due to repeated failures or SET
PIN MODE the Authen::ACE object must persist beyond
the initial request. A request packet is
constructed with a random number, type of
RCS/README,v view on Meta::CPAN
1.2
log
@docs
@
text
@d1 1
a1 1
# $Id: README,v 1.1 2001/06/19 19:45:55 root Exp root $
d40 1
a40 1
PerlSetVar AuthCookieHandler /path/of/authentication/handler
d86 1
a86 1
o AuthCookieHandler
@
1.1
log
@Initial revision
@
text
@d1 1
a1 1
SYNOPSIS
# Configuration in httpd.conf or access.conf
PerlModule Apache2::AuthenSecurID
<Location /secure/directory> AuthName SecurID AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
require valid-user
</Location>
DESCRIPTION
This module allows authentication against a SecurID server. It detects
whether a user has a valid encrypted cookie containing their username
and last activity time stamp. If the cookie is valid the module will
change the activity timestamp to the present time, encrypt and send the
cookie. If the cookie is not valid the module will redirect to the
authentication handler to prompt for username and passcode.
LIST OF TOKENS
* AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to my secret if this variable is not set.
* AuthCookie
The name of the of cookie to be set for the authentication token. It
defaults to SecurID if this variable is not set.
* AuthUserCookie
The name of the of cookie that contains the value of the persons
username in plain text. This is checked against the contents of the
encrypted cookie to verify user. The cookie is set of other applications
can identify authorized users. It defaults to SecurID_User if this
variable is not set.
* AuthCookiePath
The path of the of cookie to be set for the authentication token. It
defaults to / if this variable is not set.
* AuthCookieTimeOut
The time in minute a cookie is valid for. It is not recommended to set
below 5. It defaults to 30 if this variable is not set.
* Auth_Handler
The path of authentication handler. This is the URL which request with
invalid cookie are redirected to. The handler will prompt for username
and passcode. It does the actual authentication and sets the initial
cookie. This mechanism is used instead of get_basic_auth_pw because
get_basic_auth_pw will do multiple authentication attempt on pages that
contain frames. The ACE server will deny simultaneous authentication
Apache2::AuthenSecurID::Auth - Authentication handler for
Apache2::AuthenSecurID
SYNOPSIS
# Configuration in httpd.conf
<Location /path/of/authentication/handler> SetHandler perl-script
PerlHandler Apache2::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
PerlSetVar ace_initd_server name.of.ace.handler.server.com
PerlSetVar ace_initd_port 1969
</Location>
DESCRIPTION
This module allows authentication against a SecurID server. A request is
redirected to this handler if the authentication cookie does not exist
or is no longer valid. The handler will prompt for username and
passcode. It will then construct and encrypt a UDP packet and send it to
the Ace request daemon. This is necessary since libsdiclient.a needs to
persist for NEXT TOKEN MODE and SET PIN MODE. If the authentication is
valid an encrypted Authentication Cookie is set and the request is
redirected to the originating URI. If the user needs to enter NEXT TOKEN
or set their PIN they will be prompted to do so and if valid the request
is then redirected to the originating URI.
LIST OF TOKENS
* AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie.
It defaults to my secret if this variable is not set.
* AuthCookie
The name of the of cookie to be set for the authentication token. It
defaults to SecurID if this variable is not set.
* AuthUserCookie
The name of the of cookie that contains the value of the persons
username in plain text. This is checked against the contents of the
encrypted cookie to verify user. The cookie is set of other applications
can identify authorized users. It defaults to SecurID_User if this
variable is not set.
* AuthCookiePath
The path of the of cookie to be set for the authentication token. It
defaults to / if this variable is not set.
* AuthApacheCookie
The name of the mod_usertrack cookie. The mod_usertrack module must be
compile and enabled in order to track user sessions. This is set by the
CookieName directive in httpd.conf. It defaults to Apache if this
variable is not set.
* ace_initd_server
The name of the server running the ACE request daemon. This daemon is
the actual process that communicates with the ACE Server. If the user is
in NEXT TOKEN MODE due to repeated failures or SET PIN MODE the
Authen::ACE object must persist beyond the initial request. A request
packet is constructed with a random number, type of transaction,
username, passcode and session identifier. The request packet is then
encrypted using Blowfish and sent to the ACE request daemon. The ACE
redhat/httpd/conf.d/authensecurid.conf view on Meta::CPAN
# Sample wiring for Apache2::AuthenSecurID: a login handler at /ace_init and
# a protected area at /secure.
LoadModule apreq_module modules/mod_apreq2.so
PerlModule Apache2::AuthenSecurID
PerlModule Apache2::AuthenSecurID::Auth
PerlSetEnv VAR_ACE /var/ace
# Login handler: prompts for username and passcode and sets the cookies.
<Location /ace_init>
SetHandler perl-script
PerlHandler Apache2::AuthenSecurID::Auth
# NOTE(review): "secret" is a sample value. Replace it with a private,
# randomly generated key before deployment, and keep this file readable only
# by the web server administrator.
PerlSetVar AuthCryptKey secret
PerlSetVar AuthCookie RSA_SecurID
PerlSetVar AuthUserCookie RSA_SecurID_User
PerlSetVar AuthCookiePath /
PerlSetVar AuthApacheCookie RSA_SecurID_Apache_Cookie
# The ACE request daemon is reached over UDP; here it runs on the same host.
PerlSetVar ace_initd_server 127.0.0.1
PerlSetVar ace_initd_port 1969
</Location>
# Protected area: requests without a valid cookie are redirected to
# Auth_Handler.
<Location /secure>
AuthName SecurID
AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID
# AuthCryptKey and the cookie names should match the /ace_init block above,
# since this handler decrypts the cookie that the login handler issues.
PerlSetVar AuthCryptKey secret
PerlSetVar AuthCookie RSA_SecurID
PerlSetVar AuthUserCookie RSA_SecurID_User
PerlSetVar AuthCookiePath /
PerlSetVar Auth_Handler /ace_init
# Cookie lifetime in minutes.
PerlSetVar AuthCookieTimeOut 30
require valid-user
</Location>