Apache-LoggedAuthDBI
view release on metacpan or search on metacpan
In case of 'valid-user' the request is accepted.
In case of one or more user-names, they are compared with the given user-name
until the first match.
In case of one or more group-names, all groups of the given username are
looked up in the cache. If the cache is not configured or if the user is not
found in the cache, or if the requested group does not match the cached group,
the groups are requested from the database. A comma separated list of all
these groups is put into the environment variable REMOTE_GROUPS. Then these
groups are compared with the required groups until the first match.
If there is no match and the authoritative directive is set to 'on' the
request is rejected.
In case the authorization succeeds, the environment variable REMOTE_GROUP is
set to the group name, which can be used by user scripts without accessing
the database again.
The SQL-select used for retrieving the groups is as follows (depending upon
the existence of a grp_table):
SELECT grp_field FROM pwd_table WHERE uid_field = user
SELECT grp_field FROM grp_table WHERE uid_field = user
This way the group-information can either be held in the main users table, or
in an extra table, if there is an m:n relationship between users and groups.
From all selected groups a comma-separated list is build, which is compared
with the required groups. If you don't like normalized group records you can
put such a comma-separated list of groups (no spaces) into the grp_field
instead of single groups.
If a grp_whereclause exists, it is appended to the SQL-select.
Cache:
The module maintains an optional cash for all passwords/groups. See the
method setCacheTime(n) on how to enable the cache. Every server has it's
own cache. Optionally the cache can be put into a shared memory segment,
so that it can be shared among all servers. See the CONFIGURATION section
on how to enable the usage of shared memory.
In order to prevent the cache from growing indefinitely a CleanupHandler can
be initialized, which skips through the cache and deletes all outdated entries.
This can be done once per request after sending the response, hence without
slowing down response time to the client. The minimum time between two successive
runs of the CleanupHandler is configurable (see the CONFIGURATION section). The
default is 0, which runs the CleanupHandler after every request.
=head1 LIST OF TOKENS
=item *
Auth_DBI_data_source (Authentication and Authorization)
The data_source value has the syntax 'dbi:driver:dsn'. This parameter is
passed to the database driver for processing during connect. The data_source
parameter (as well as the username and the password parameters) may be a
tilde ('~') separated list of several data_sources. All of these triples will
be used until a successful connect is made. This way several backup-servers can
be configured. if you want to use the environment variable DBI_DSN instead of
a data_source, do not specify this parameter at all.
=item *
Auth_DBI_username (Authentication and Authorization)
The username argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~') separated list. See the data_source
parameter above for the usage of a list.
=item *
Auth_DBI_password (Authentication and Authorization)
The password argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~') separated list. See the data_source
parameter above for the usage of a list.
=item *
Auth_DBI_pwd_table (Authentication and Authorization)
Contains at least the fields with the username and the (possibly encrypted)
password. The username should be unique.
=item *
Auth_DBI_uid_field (Authentication and Authorization)
Field name containing the username in the Auth_DBI_pwd_table.
=item *
Auth_DBI_pwd_field (Authentication only)
Field name containing the password in the Auth_DBI_pwd_table.
=item *
Auth_DBI_pwd_whereclause (Authentication only)
Use this option for specifying more constraints to the SQL-select.
=item *
Auth_DBI_grp_table (Authorization only)
Contains at least the fields with the username and the groupname.
=item *
Auth_DBI_grp_field (Authorization only)
Field-name containing the groupname in the Auth_DBI_grp_table.
=item *
Auth_DBI_grp_whereclause (Authorization only)
Use this option for specifying more constraints to the SQL-select.
=item *
Auth_DBI_log_field (Authentication only)
Field name containing the log string in the Auth_DBI_pwd_table.
=item *
Auth_DBI_log_string (Authentication only)
( run in 1.458 second using v1.01-cache-2.11-cpan-d06a3f9ecfd )