Apache2-AuthenRadius


AuthenRadius.pm  view on Meta::CPAN

use Apache2::Connection;
use Apache2::RequestRec;
use Apache2::Access;
use Apache2::RequestUtil;
use Apache2::Log;
use APR::SockAddr;
use Authen::Radius;

$VERSION = '0.9';

# Create my own method to check a password
# The Authen::Radius->check_pwd method was too restrictive
# to use. We needed a function that returned all possible
# values.
sub chk_passwd {
  my ($rad, $uname, $upwd, $nas) = @_;

  $rad->clear_attributes;
  $rad->add_attributes (
			{Name => 1, Value => $uname, Type => 'string' },
			{Name => 2, Value => $upwd, Type => 'string' },

AuthenRadius.pm  view on Meta::CPAN


sub handler {
  my $r = shift;
  
  # Continue only if the first request.
  return OK unless $r->is_initial_req();
  
  my $reqs_arr = $r->requires;
  return OK unless $reqs_arr;
  
  # Grab the password, or return if HTTP_UNAUTHORIZED
  my($res,$pass) = $r->get_basic_auth_pw;
  return $res if $res;
  
  # Get the user name.
  my $user = $r->user;
  
  # Primary Radius Server and port.
  my $host1    = $r->dir_config("Auth_Radius_host1") or return DECLINED;
  my $port1    = $r->dir_config("Auth_Radius_port1") || 1647;
  

AuthenRadius.pm  view on Meta::CPAN

  # Secondary Radius Server and port.
  my $host2   = $r->dir_config("Auth_Radius_host2");
  my $port2    = $r->dir_config("Auth_Radius_port2") || 1647;
  
  # Shared secret for the secondary host we are running on.
  my $secret2  = $r->dir_config("Auth_Radius_secret2");
  
  # Timeout to wait for a response from the radius server.
  my $timeout = $r->dir_config("Auth_Radius_timeout") || 5;
  
  # Sanity for usernames and passwords.
  if (length $user > 64 or $user =~ /[^A-Za-z0-9\@\.\-\_\#\:]/) {
    $r->log_reason("Apache2::AuthenRadius username too long or "
		   ."contains illegal characters. URI:", $r->uri);
    $r->note_basic_auth_failure;
    return HTTP_UNAUTHORIZED;
  }

  # Prepend realm if set
  if ($r->dir_config("Auth_Radius_prependToUsername")) {
    $user = $r->dir_config("Auth_Radius_prependToUsername") . $user;
  }

  # Postfix realm if set
  if ($r->dir_config("Auth_Radius_postfixToUsername")) {
    $user .= $r->dir_config("Auth_Radius_postfixToUsername");
  }

  if (length $pass > 256) {
    $r->log_reason("Apache2::AuthenRadius password too long. URI:",$r->uri);
    $r->note_basic_auth_failure;
    return HTTP_UNAUTHORIZED;
  }
  
  # Create the object for the primary RADIUS query
  my $radius = Authen::Radius->new(
				   Host => "$host1:$port1",
				   Secret => $secret1,
				   TimeOut => $timeout
				  );

AuthenRadius.pm  view on Meta::CPAN

Auth_Radius_timeout

The timeout in seconds to wait for a response from the Radius server.

=item *
Auth_Radius_prependToUsername

Prefixes a string to the beginning of the user name that is sent to
the Radius Server. This would typically be in the form of REALM/ or
REALM%. Most Radius servers support prefixed or suffixed realms and
so allow for different user name / password lists.

You can both postfix and prefix a realm at the same time.  Your
radius server might not deal with it very well.

=item *
Auth_Radius_postfixToUsername

Postfixes a string to the end of the user name that is sent to
the Radius Server. This would typically be in the form of @REALM or
%REALM. Most Radius servers support prefixed or suffixed realms and
so allow for different user name / password lists.

You can both postfix and prefix a realm at the same time.  Your
radius server might not deal with it very well.

=head1 CONFIGURATION

The module should be loaded upon startup of the Apache daemon.
Add the following line to your httpd.conf:

 PerlModule Apache2::AuthenRadius
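
The handler's validation order combined with the two realm options documented above, as an added example that is not code from the module. `build_radius_username` and its `prepend`/`postfix` keys are hypothetical names and the sample inputs are constructed; the output shows which name would be sent to the RADIUS server for each input.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: mirrors the handler's checks in a plain function so the
# order of operations can be run outside Apache. build_radius_username
# and the %opt keys are hypothetical names, not part of the module.
sub build_radius_username {
    my ($user, $pass, %opt) = @_;

    # Same limits as the handler: 64-character name, allowlisted characters.
    return (undef, 'username too long or contains illegal characters')
        if !defined $user
        or length($user) > 64
        or $user =~ /[^A-Za-z0-9\@\.\-\_\#\:]/;

    # Realm decoration happens after validation, so a configured
    # "REALM/" or "%REALM" is never tested against the allowlist and
    # the decorated name may be longer than 64 characters.
    $user = $opt{prepend} . $user if $opt{prepend};
    $user .= $opt{postfix}        if $opt{postfix};

    return (undef, 'password too long')
        if defined $pass and length($pass) > 256;

    return ($user, undef);
}

# Constructed sample inputs: [user, password, options...].
my @cases = (
    ['alice',       'pw', prepend => 'CORP/'],
    ['alice',       'pw', postfix => '@corp.example'],
    ['alice',       'pw', prepend => 'CORP/', postfix => '@corp.example'],
    ['CORP/alice',  'pw'],                              # '/' is not allowlisted
    ['alice@other', 'pw', postfix => '@corp.example'],  # '@' is allowlisted
    ['a' x 65,      'pw'],                              # over the 64-char limit
    ['alice',       'x' x 257],                         # over the 256-char limit
);

for my $c (@cases) {
    my ($u, $p, %opt) = @$c;
    my ($name, $err) = build_radius_username($u, $p, %opt);
    printf "%-14.14s => %s\n", $u,
        defined $name ? "sent as '$name'" : "rejected ($err)";
}
```

The fifth case is the one to check against your RADIUS server's realm parsing: a typed name that already contains `@` passes the allowlist and is sent with the configured suffix appended after it.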

Changes  view on Meta::CPAN

0.6 Tue Dec 22 08:20:00 2009
    - Added realm prepending from Timothy <nzkbuk at gmail.com>
    - Added realm postfixing

0.5  Wed Aug 24 18:00:00 2005
    - Replaced all calls to old ModPerl 1 API

0.4  Mon Apr 18 10:30:30 2005
    - Modified from Apache::AuthenRadius
    - Clean up the package a bit
    - Uses its own password checking subroutine to
      allow returning all possible values
    - Added logic for checking a primary and
      secondary RADIUS servers
    - Allows for better username validation
    - The package now informs the RADIUS servers
      about the NAS-IP-Address to use when
      checking
    - Logging reporting modified to give a better
      idea of what's going on
    - Added enough comments to make it easily


