view release on metacpan or  search on metacpan

AuthDBI.pm  view on Meta::CPAN

=item *
Auth_DBI_password (Authentication and Authorization)

The password argument is passed to the database driver for processing during 
connect. This parameter may be a tilde ('~')  separated list. See the data_source 
parameter above for the usage of a list. 

=item *
Auth_DBI_pwd_table (Authentication and Authorization)

Contains at least the fields with the username and the (possibly encrypted) 
password. The username should be unique. 

=item *
Auth_DBI_uid_field (Authentication and Authorization)

Field name containing the username in the Auth_DBI_pwd_table. 

=item *
Auth_DBI_pwd_field (Authentication only)

Field name containing the password in the Auth_DBI_pwd_table. 

=item *
Auth_DBI_pwd_whereclause (Authentication only)

Use this option for specifying more constraints to the SQL-select.

=item *
Auth_DBI_grp_table (Authorization only)

Contains at least the fields with the username and the groupname. 

=item *
Auth_DBI_grp_field (Authorization only)

Field-name containing the groupname in the Auth_DBI_grp_table. 

=item *
Auth_DBI_grp_whereclause (Authorization only)

Use this option for specifying more constraints to the SQL-select.

=item *
Auth_DBI_log_field (Authentication only)

Field name containing the log string in the Auth_DBI_pwd_table. 

=item *
Auth_DBI_log_string (Authentication only)

String to update the Auth_DBI_log_field in the Auth_DBI_pwd_table. Depending 
upon the database this can be a macro like 'TODAY'. 

=item *
Auth_DBI_authoritative  < on / off> (Authentication and Authorization)

Default is 'on'. When set 'on', there is no fall-through to other 
authentication methods if the authentication check fails. When this directive 
is set to 'off', control is passed on to any other authentication modules. Be 
sure you know what you are doing when you decide to switch it off. 

=item *
Auth_DBI_nopasswd  < on / off > (Authentication only)

Default is 'off'. When set 'on' the password comparison is skipped if the 
password retrieved from the database is empty, i.e. allow any password. This is 
'off' by default to ensure that an empty Auth_DBI_pwd_field does not allow people 
to log in with a random password. Be sure you know what you are doing when you 
decide to switch it on. 

=item *
Auth_DBI_encrypted  < on / off > (Authentication only)

Default is 'on'. When set to 'on', the password retrieved from the database 
is assumed to be crypted. Hence the incoming password will be crypted before 
comparison. When this directive is set to 'off', the comparison is done directly 
with the plain-text entered password.

=item *
Auth_DBI_encryption_method < sha1hex/md5hex/crypt > (Authentication only)

Default is blank. When set to one or more encryption method, the password retrieved 
from the database is assumed to be crypted. Hence the incoming password will be crypted 
before comparison.  The method supports falling back so specifying 'sha1hex/md5hex' would
allow for a site that is upgrading to sha1 to support both methods.  sha1 is the
recommended method.

=item *
Auth_DBI_encryption_salt < password / userid > (Authentication only)

When crypting the given password AuthDBI uses per default the password selected 
from the database as salt. Setting this parameter to 'userid', the module uses 
the userid as salt. 

=item *
Auth_DBI_uidcasesensitive  < on / off > (Authentication and Authorization)

Default is 'on'. When set 'off', the entered userid is converted to lower case.
Also the userid in the password select-statement is converted to lower case. 

=item *
Auth_DBI_pwdcasesensitive  < on / off > (Authentication only)

Default is 'on'. When set 'off', the entered password is converted to lower 
case. 

=item *
Auth_DBI_placeholder < on / off > (Authentication and Authorization)

Default is 'off'.  When set 'on', the select statement is prepared using a 
placeholder for the username.  This may result in improved performance for 
databases supporting this method.
 

=head1 CONFIGURATION

The module should be loaded upon startup of the Apache daemon.
Add the following line to your httpd.conf:

 PerlModule Apache::AuthDBI

A common usage is to load the module in a startup file via the PerlRequire 
directive. See eg/startup.pl for an example. 

There are three configurations which are server-specific and which can be done 
in a startup file: 

 Apache::AuthDBI->setCacheTime(0);