• Your recent searches
Apache-AuthenNTLM
6 results

 view release on metacpan or  search on metacpan

AuthenNTLM.pm  view on Meta::CPAN 

If you enter the ntdomain as:

PerlAddVar ntdomain 192.168.0.2

Then you will never be able be able to authenticate to the remote server correctly,
and you will receive a "Can not get NONCE" error in the error_log.  You must 
specify it as:

PerlAddVar ntdomain SPEEVES

This means that you will need to resolve the DOMAIN locally on the web server
machine.  I put it into the /etc/hosts file.

For the complete run-down on this issue, check out:

http://www.gossamer-threads.com/archive/mod_perl_C1/modperl_F7/%5BFwd:_Re:_Apache::AuthenNTLM-2.04_Problems..%5D_P104237/

=head2 PerlSetVar defaultdomain 

Set the default domain. This is used when the client does not provide
any information about the domain.

=head2 PerlSetVar fallbackdomain 

fallbackdomain is used in cases where the domain that the user supplied
isn't configured. This is useful in environments where you have a lot of
domains, which trust each other, allowing you to always authenticate against
a single domain, (removing the need to configure all domains available in
your network).

=head2 PerlSetVar ntlmauthoritative

Setting the ntlmauthoritative directive explicitly to 'off' allows authentication
to be passed on to lower level modules if AuthenNTLM cannot authenticate the user
and the NTLM authentication scheme is used.
If set to 'on', which is the default, AuthenNTLM will try to verify the user and,
if it fails, will give an Authorization Required reply. 

=head2 PerlSetVar basicauthoritative

Setting the ntlmauthoritative directive explicitly to 'off' allows authentication
to be passed on to lower level modules if AuthenNTLM cannot authenticate the user
and the Basic authentication scheme is used.
If set to 'on', which is the default, AuthenNTLM will try to verify the user and
if it fails will give an Authorization Required reply. 

=head2 PerlSetVar ntlmsemkey 

There are troubles when two authentication requests take place at the same 
time. If the second request starts, before the first request has successfully 
verified the user to the smb (windows) server, the smb server will terminate the first 
request. To avoid this Apache::AuthenNTLM serializes all requests. It uses a semaphore
for this purpose. The semkey directive set the key which is used (default: 23754).
Set it to zero to turn serialization off.

=head2 PerlSetVar ntlmsemtimeout

This set the timeout value used to wait for the semaphore. The default is two seconds.
It is very small because during the time Apache waits for the semaphore, no other
authentication request can be sent to the windows server. Also Apache::AuthenNTLM
only asks the windows server once per keep-alive connection, this timeout value
should be as small as possible.

=head2 PerlSetVar splitdomainprefix

If set to 1, $self -> map_user ($r) will return "username" 
else $self -> map_user ($r) will return "domain\username"
 
Default is "domain\username" 

=head2 PerlSetVar ntlmdebug 

Set this to 1 if you want extra debugging information in the error log.
Set it to 2 to also see the binary data of the NTLM headers.


=head1 OVERRIDEABLE METHODS

Each of the following methods takes the Apache object as argument. Information
about the current authentication can be found inside the object Apache::AuthenNTLM 
itself. To override the methods, create our own class which inherits from
Apache::AuthenNTLM and use it in httpd.conf e.g. 	

	PerlAuthenHandler Apache::MyAuthenNTLM 


=head2 $self -> get_config ($r)

Will be called after the object is setup to read in configuration informations.
The $r -> dir_config can be used for that purpose.

=head2 $self -> get_nonce ($r)

Will be called to setup the connection to the windows domain controller 
for $self -> {domain} and retrieve the nonce.
In case you do not authenticate against a windows machine, you simply need 
to set $self -> {nonce} to a 8 byte random string. Returns undef on error.

=head2 $self -> verify_user ($r)

Should verify that the given user supplied the right credentials. Input:

=over

=item $self -> {basic}

Set when we are doing basic authentication

=item $self -> {ntlm}

Set when we are doing ntlm authentication

=item $self -> {username}

The username

=item $self -> {password}

The password when doing basic authentication

=item $self -> {usernthash}



( run in 0.905 second using v1.01-cache-2.11-cpan-df04353d9ac )