view release on metacpan or  search on metacpan

FAQ  view on Meta::CPAN

AppSamurai Frequently Answered (though perhaps never asked) Questions

Introduction
------------
Q: Why is this FAQ so sparse, useless, condescending, confusing, revoltingly
   formatted, poorly written?  This is pretty much the worst FAQ ever made.
A: Thanks!  Someone is actually reading the FAQ!

Q: Really, though, couldn't you think of any questions?
A: Sounds like you are pretty sharp.  Why don't you ask some....


General
-------
Q: I am using multiple authentication methods, and the credentials passed into
   the login form seem to be going to the wrong places... help!
A: The order of credentials (and how they are checked) is defined by their
   order inside the AuthMethods setting for your auth name.  The first
   authentication method in the list will be the first to be checked, and
   will get the value sent to the credential_1 value in the login form,
   login.html.

   In most cases, you will want your strongest (or any dynamic/token based)
   authentication checked first.  Set that to credential_1 and put it first
   in the AuthMethods list.  You want your weakest, (easiest guessed or most
   static), authentication method checked last, so put it in the last
   credential_ value in your login.html form and last in the AuthMethods list.

Q: But I want the order of credential entry boxes to be different on 
   the login form...
A: Then move them around in the HTML.  The HTML order does not matter, just
   the credential_X value assigned to an input. (X being the number)

Q: I am using files for session storage and locking.  How can I cleanup all
   those stale session files?
A: Future versions may have built in cleanup.  For now you should use
   something like the following, run as your webserver user on a regular
   basis:

    /usr/bin/find /var/www/session/sessions /var/www/session/slock -mtime +8 -type f | grep -v Track | xargs /bin/rm

   (Make sure to set the session and session lock directories according to your setup, and adjust the -mtime value to the maximum age in days you want to keep)
 
Q: I enabled debugging in AppSamurai for my authname, (by using
   "PerlSetVar authnameDebug 1" in my Apache configuration), yet I am not
   seeing debugging messages in the log.
A: Apache is probably not configured to log debug level messages.  Change the
   the "LogLevel" setting for "ErrorLog" in your Apache config to debug.
   Don't forget to turn OFF AppSamurai debugging for production!  It logs
   potentially sensitive information that you do not want sitting in a logfile
   in your DMZ.

Auth Modules
------------
Q: How does the AuthBasic auth module work?
A: The AuthBasic auth module attempts to authenticate with a web server using
   HTTP Basic Auth authentication.  (This is the "old" style login where
   a popup box appears asking for a username and password.)  Since AppSamurai
   is often used to protect backend servers that only have HTTP Basic Auth
   enabled, the server used will usually be the same as AppSamurai is
   protecting.

Q: "Basic", "Radius", and "Simple"... not a lot of auth choices...
A: Instead of writing 800 auth modules, AppSamurai comes with two basic auth
   modules (that I personally use), plus the AuthSimple module which opens
   up access to any Authen::Simple supported authentication adaptor.
   (Authen::Simple::Kerberos, Authen::Simple::PAM, etc.)  More AppSamurai
   auth modules may appear in future releases.  (Especially if anyone sends
   me code... hint hint.)

Q: I want to write a new auth module to authenticate using a web service
   on my mainframe.  (I will call it AuthWebEBCDIC.) What do I do?
A: About time! Everyone is asking for this one.  Adding an auth module
   is fairly simple.

 * Use the AuthTest.pm test module as your template (from examples/auth/
   in the Apache-AppSamurai dist.)