Apache-AuthCookieDBIRadius
AuthCookie.pm
This method is responsible for displaying the login form. The default
implementation will make an internal redirect and display the URL you
specified with the C<PerlSetVar WhatEverLoginForm> configuration
directive. You can overwrite this method to provide your own
mechanism.
=item * logout()
This is simply a convenience method that unsets the session key for
you. You can call it in your logout scripts. Usually this looks like
C<$r-E<gt>auth_type-E<gt>logout($r);>.
=item * send_cookie($session_key)
By default this method simply sends out the session key you give it.
If you need to change the default behavior (perhaps to update a
timestamp in the key) you can override this method.
=item * recognize_user()
AuthCookie.pm
access failed when a cookie is present, your C<authen_ses_key()>
method can set arbitrary entries in C<$r-E<gt>subprocess_env>.
=head1 THE LOGOUT SCRIPT
If you want to let users log themselves out (something that can't be
done using Basic Auth), you need to create a logout script. For an
example, see t/eg/logout.pl. Logout scripts may want to take
advantage of AuthCookie's C<logout()> method, which will set the
proper cookie headers in order to clear the user's cookie. This
usually looks like C<$r-E<gt>auth_type-E<gt>logout($r);>.
Note that if you don't necessarily trust your users, you can't count
on cookie deletion for logging out. You'll have to expire some
server-side login information too. AuthCookie doesn't do this for
you, you have to handle it yourself.
=head1 ABOUT SESSION KEYS
Unlike the sample AuthCookieHandler, you have to verify the user's
login and password in C<authen_cred()>, then you do something
like:
    my $date = localtime;
    my $ses_key = MD5->hexhash(join(';', $date, $PID, $PAC));
save C<$ses_key> along with the user's login, and return C<$ses_key>.
Now C<authen_ses_key()> looks up the C<$ses_key> passed to it and
returns the saved login. I use Oracle to store the session key and
retrieve it later, see the ToDo section below for some other ideas.
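
The server-side bookkeeping that this section and the logout note above describe, as an added example (not code from AuthCookie or AuthCookieDBIRadius). The helper names, the in-memory C<%sessions> table standing in for the database, the 30-minute lifetime and reading the key from /dev/urandom rather than hashing the date and PID are all assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory stand-in for the server-side session table (assumption: a real
# deployment keeps this in a database shared by all Apache children).
my %sessions;
my $TTL = 1800;    # constructed value: session lifetime in seconds

# Call from authen_cred() once the login and password have been verified.
sub new_session {
    my ($login) = @_;
    my $raw;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, $raw, 16 ) == 16 or die "short read from /dev/urandom";
    close $fh;
    my $ses_key = unpack 'H*', $raw;    # 128 random bits, hex-encoded
    $sessions{$ses_key} = { login => $login, expires => time + $TTL };
    return $ses_key;
}

# Call from authen_ses_key(): returns the saved login, or undef when the
# key is malformed, unknown, expired or already logged out.
sub lookup_session {
    my ($ses_key) = @_;
    return unless defined $ses_key && $ses_key =~ /\A[0-9a-f]{32}\z/;
    my $rec = $sessions{$ses_key} or return;
    if ( $rec->{expires} <= time ) {
        delete $sessions{$ses_key};     # drop the stale record
        return;
    }
    return $rec->{login};
}

# Call from the logout script alongside $r->auth_type->logout($r), so a
# replayed copy of the cookie no longer maps to a login.
sub end_session {
    my ($ses_key) = @_;
    return delete $sessions{ $ses_key // '' } ? 1 : 0;
}

# Constructed demonstration: issue a key, use it, log out, replay it.
my $key = new_session('alice');
print 'issued:       ', lookup_session($key) // 'undef', "\n";
end_session($key);
print 'after logout: ', lookup_session($key) // 'undef', "\n";
```
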
=head1 KNOWN LIMITATIONS
If the first unauthenticated request is a POST, it will be changed to
a GET after the user fills out the login forms, and POSTed data will
be lost.
=head2 TO DO
AuthCookieDBIRadius.pm
}
# Decrypt the session key.
my $session_key;
if ( $c{ DBI_encryptiontype } eq 'none' )
{
    $session_key = $encrypted_session_key;
}
else
{
    # Check that this looks like an encrypted hex-encoded string.
    unless ( $encrypted_session_key =~ /^[0-9a-fA-F]+$/ )
    {
        $r->log_reason( "Apache::AuthCookieDBIRadius: encrypted session key $encrypted_session_key doesn't look like it's properly hex-encoded for auth realm $auth_name", $r->uri );
        return undef;
    }
    # Get the cipher from the cache, or create a new one if the
    # cached cipher hasn't been created, & decrypt the session key.
    my $cipher;
    if ( lc $c{ DBI_encryptiontype } eq 'des' ) {
DESCRIPTION
Apache::AuthCookieDBIRadius is a module that subclasses Apache::AuthCookie
and is designed to be directly used for authentication in a mod_perl
server.
It allows you to authenticate against a DBI database -OR- your trusted NT domains
via a Radius server using a login webpage via AuthCookie.
It is a ticket-issuing system that looks up username/passwords in a DBI
database using generic SQL and issues MD5-checksummed tickets valid for
a configurable time period. Incoming requests with tickets are
checksummed and expire-time checked.
Upon failure, it then checks a Radius server for authentication.
(You do not need to run a Radius server to use this. Actually,
Radius authentication is commented out by default. Uncomment the
Radius lines in AuthCookieDBIRadius.pm if you intend to use this method
along with a DBI database. Most won't be using this method. You'll need to
get Radius authentication working first before using AuthCookieDBIRadius.