Apache-AuthenRadius
2 results

 view release on metacpan or  search on metacpan

AuthenRadius.pm  view on Meta::CPAN 


# $Id: AuthenRadius.pm,v 1.2 1999/07/31 22:14:23 daniel Exp $
#
# Added digest authentication by Mike McCauley mikem@open.com.au
# especially so it could be used with RadKey token based
# authentication modules for IE5 and Radiator
# http://www.open.com.au/radiator
# http://www.open.com.au/radkey
#
# For Digest Requires Authen::Radius, at least version 0.06 which
# can handle passwords longer than 16 bytes

use strict;
use warnings;
use Authen::Radius;
use Net::hostent;
use Socket;
use vars qw($VERSION);

$VERSION = '0.9';

AuthenRadius.pm  view on Meta::CPAN 

}

sub _handler_basic {
	my $r = shift;
	
	# Continue only if the first request.
	return OK() unless $r->is_initial_req();

	my $reqs_arr = $r->requires() || return OK();

	# Grab the password, or return if HTTP_UNAUTHORIZED
	my($res,$pass) = $r->get_basic_auth_pw();
	return $res if $res;

	# Get the user name.
	my $user = MP2 ? $r->user() : $r->connection->user();

	# Sanity for usernames and passwords.
	if (length $user > 64 or $user =~ /[^A-Za-z0-9@_-.]/) {

		$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
		$r->note_basic_auth_failure();
		return AUTH_REQUIRED();
	}

	if (length $pass > 256) {

		$r->log_error("Apache::AuthenRadius password too long", $r->uri());
		$r->note_basic_auth_failure();
		return AUTH_REQUIRED();
	}

	return _authen_radius($r, $user, $pass);

}

sub _handler_digest {
	my $r = shift;

AuthenRadius.pm  view on Meta::CPAN 


		# XXXX
		$r->err_header_out($r->proxyreq() ?
			'Proxy-Authenticate' : 'WWW-Authenticate', 
			"Digest algorithm=\"$algorithm\", nonce=\"$nonce\", realm=\"$realm\", stale=\"true\""
		);

		return AUTH_REQUIRED();
	}
	 
	# Send the entire Authorization header as the password
	# let the radius server figure it out
	my $pass = $auth; 

	# Sanity for usernames and passwords.
	if (length $user > 64) {

		$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
		return AUTH_REQUIRED();
	}

	if (length $pass > 256) {

		$r->log_error("Apache::AuthenRadius password too long", $r->uri());
		return AUTH_REQUIRED();
	}

	return _authen_radius($r, $user, $pass);
}

sub _authen_radius {
	my ($r, $user, $pass) = @_;

	# Radius Server and port.

AuthenRadius.pm  view on Meta::CPAN 


The timeout in seconds to wait for a response from the Radius server.

=item * Auth_Radius_algorithm

For Digest authentication, this is the algorithm to use. Defaults to 'MD5'.
For Basic authentication, it is ignored. If Digest authentication is set,
unauthenticated requests will be sent a Digest challenge, including a nonce.
Authenticated requests will have the nonce checked against
Auth_Radius_nonce_lifetime, then the whole Authentication header sent as the
password to RADIUS.

=item * Auth_Radius_appendToUsername

Appends a string to the end of the user name that is sent to RADIUS.  This
would normally be in the form of a realm (i.e. @some.realm.com) This is useful
where you might want to discriminate between the same user in several
contexts. Clever RADIUS servers such as Radiator can use the realm to let the
user in or no depending on which protected Apache directory they are trying to
access.

AuthenRadius.pm  view on Meta::CPAN 

 PerlModule Apache::AuthenRadius

=head1 PREREQUISITES

For AuthenRadius you need to enable the appropriate call-back hook 
when making mod_perl: 

  perl Makefile.PL PERL_AUTHEN=1

For Digest authentication, you will need Authen::Radius version 
0.06 or better. Version 0.05 only permits 16 byte passwords

=head1 SEE ALSO

L<Apache>, L<mod_perl>, L<Authen::Radius>

=head1 AUTHORS

Authen::Radius by Carl Declerck L<carl@miskatonic.inbe.net>

Apache::AuthenRadius by Dan Sully <daniel | AT | cpan.org>

Changes  view on Meta::CPAN 


	http://www.open.com.au/radiator
	http://www.open.com.au/radkey

	- Updated docs, added tests.

0.04  Tue Jan 18 10:21:38 2000
	- Added support for Digest with customised algorithms.
	  Automatically generates a nonce, and checks for nonce
	  staleness. The entire authentication header is sent
	  to the radius server as the password. Requires Authen::Radius
	  version 0.06 or better to handle long passwords
	  Mike McCauley mikem@open.com.au

0.02  Mon Jun 8 15:10:31 1998
	- Added documentation, packaged up.

0.01  Mon Jun 8 14:11:38 1998
	- original version; created by h2xs 1.18



( run in 1.000 second using v1.01-cache-2.11-cpan-49f99fa48dc )