Apache-AuthenSecurID
3 results

 view release on metacpan or  search on metacpan

RCS/AuthenSecurID.pm,v  view on Meta::CPAN 


=item *
Apache::AuthenSecurID by David Berk <dberk@@lump.org>

=head1 COPYRIGHT

The Apache::AuthenSecurID module is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.

=cut

@


1.5
log
@*** empty log message ***
@
text
@d1 1
a1 1
# $Id: AuthenSecurID.pm,v 1.4 2001/06/22 19:08:36 root Exp $
d85 2
@


1.4
log
@documentation
@
text
@d1 1
a1 1
# $Id: AuthenSecurID.pm,v 1.3 2001/06/21 14:50:24 root Exp root $
d96 1
a96 1
 PerlSetVar AuthCookieHandler /path/of/authentication/handler
d146 1
a146 1
AuthCookieHandler
@


1.3
log
@many fixes
@
text
@d1 1
a1 1
# $Id: AuthenSecurID.pm,v 1.2 2001/06/19 19:05:42 root Exp root $
a18 7
	
	# Continue only if the first request.
	#return OK unless $r->is_initial_req;

	#my $reqs_arr = $r->requires;
	#return OK unless $reqs_arr;
	#my $log = $r->log;
a19 1
	# Grab the password, or return if HTTP_UNAUTHORIZED
d21 1
d28 1
d32 1
d46 1
a46 1
		( $username, $session_time ) = split /\:/, $plaintext_cookie;
a48 1
	# check cookie
d53 1
d57 3
a59 2
		$r->err_header_out(	"Pragma" => "no-cache" ); 
		my $crypt_cookie = $cipher->encrypt_hex ( "$username:$time" );
d61 1
a61 1
			$crypt_cookie . "; path=" . "/");
d64 1
d83 1
a83 5
 # Configuration in httpd.conf

 PerlModule Apache::AuthenSecurID

 # Authentication in .htaccess
d85 1
a88 1
 # authenticate via SecurID
d91 1
a91 1
 PerlSetVar Auth_SecurID_VAR_ACE /ace/config/directory 
d93 1
d95 2
d99 1
d103 6
a108 3
This module allows authentication against a SecurID server.  If 
authentication is successful it sets a cookie with a MD5 hash
token.  The token expires at midnight local time.
d112 1
d114 1
a114 1
Auth_SecurID_VAR_ACE
d116 2
a117 2
The location of the F<sdconf.rec> file.  It defaults to the
directory F</var/ace> if this variable is not set.
d122 10
a131 2
The name of the of cookie to be set for the authenticaion token.  
It defaults to the F<SecurID> if this variable is not set.
d136 1
a136 1
The path of the of cookie to be set for the authenticaion token.  
d139 19
d172 2
d176 1
a176 1
L<Apache>, L<mod_perl>, L<Authen::SecurID>
d195 1
@

RCS/AuthenSecurID.pm,v  view on Meta::CPAN 

@a9 1
use Authen::ACE;
d14 1
a14 1
$VERSION = '0.3';
a26 3
	my($res,$pass) = $r->get_basic_auth_pw;
	$r->log_reason("$res $pass", $r->uri);
	$log->debug("$res $pass");
a27 3
	return $res if $res != OK;

	# Handle Cookie 
a28 4
	$log->debug("$auth_cookie");

	my $cookie_path = $r->dir_config("AuthCookiePath") || "/";
	$log->debug("$cookie_path");
a30 1
	$log->debug("$crypt_key");
d33 2
a34 1
	$log->debug("$cookie_timeout");
a39 1
	my $user = $r->connection->user;
d54 1
a54 11
	if ( $session_key 
		&& $user eq $username 
		&& ($session_time+($cookie_timeout * 60) >= $time) ) {

		# OK set cookie
#		my $auth_cookie  = $cipher->encrypt_hex ( "$user:$time" );
#	 	$r->err_header_out("Set-Cookie" => $auth_cookie . "=" .
#			$auth_cookie . "; path=" . $cookie_path); 
#		$r->no_cache(1);
#                $r->err_header_out("Pragma", "no-cache");
#                $r->header_out("Location" => $r->uri);
a55 51
	}


	# SecurID Config Directory 
	my $VAR_ACE    = $r->dir_config("Auth_SecurID_VAR_ACE") || "/var/ace";

	# Sanity for usernames 
	if (length $user > 64 or $user =~ /[^A-Za-z0-9]/) {
		$r->log_reason("Apache::AuthenSecurID username too long or"
			."contains illegal characters", $r->uri);
		$r->note_basic_auth_failure;
		return AUTH_REQUIRED;
	}

	if ( ! $pass ) {
		$r->log_reason("Apache::AuthenSecurID passcode empty",$r->uri);
		$r->note_basic_auth_failure;
		return AUTH_REQUIRED;
	}

	if (length $pass > 256) {
		$r->log_reason("Apache::AuthenSecurID password too long",$r->uri);
		$r->note_basic_auth_failure;
		return AUTH_REQUIRED;
	}

	# Create the SecurID connection.
	my $ace = Authen::ACE->new(
		config => $VAR_ACE 
	) || warn ( $! );

	# Error if we can't connect.
	if (!defined $ace) {
		$r->log_reason("Apache::AuthenSecurID failed to"
			."init",$r->uri);
		return SERVER_ERROR;
	}
	
	# Do the actual check.
	my ( $result, $info ) = $ace->Check ( $pass, $user );
	if ($result == ACM_OK) {
		$r->log_reason("Apache::AuthenSecurID succeed auth user"
			. "$user" ,$r->uri);
		my $auth_cookie  = $cipher->encrypt_hex ( "$user:$time" );
		$r->err_header_out("Set-Cookie" => $auth_cookie . "=" .
			$auth_cookie . "; path=" . $cookie_path); 
		$r->no_cache(1);
                $r->err_header_out("Pragma", "no-cache");
                $r->header_out("Location" => $r->uri);
		return OK;
		#return REDIRECT;
d57 4
a60 4
		$r->log_reason("Apache::AuthenSecurID failed for user $user $res $VAR_ACE",
			$r->uri);
		$r->note_basic_auth_failure;
		return AUTH_REQUIRED;
@



( run in 2.116 seconds using v1.01-cache-2.11-cpan-99c4e6809bf )