Apache-AuthenSecurID
view release on metacpan or search on metacpan
RCS/README,v view on Meta::CPAN
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthCookieTimeOut 30
PerlSetVar Auth_Handler /path/of/authentication/handler
require valid-user
</Location>
DESCRIPTION
This module allows authentication against a SecurID
server. It detects whether a user has a valid encrypted
cookie containing their username and last activity time
stamp. If the cookie is valid the module will change the
activity timestamp to the present time, encrypt and send
the cookie. If the cookie is not valid the module will
redirect to the authentication handler to prompt for
username and passcode.
LIST OF TOKENS
o AuthCryptKey
The Blowfish key used to encrypt and decrypt the
authentication cookie. It defaults to my secret if
this variable is not set.
o AuthCookie
The name of the of cookie to be set for the
authentication token. It defaults to SecurID if
this variable is not set.
o AuthUserCookie
The name of the of cookie that contains the value
of the persons username in plain text. This is
checked against the contents of the encrypted
cookie to verify user. The cookie is set of other
applications can identify authorized users. It
defaults to SecurID_User if this variable is not
set.
o AuthCookiePath
The path of the of cookie to be set for the
authentication token. It defaults to / if this
variable is not set.
o AuthCookieTimeOut
The time in minute a cookie is valid for. It is
not recommended to set below 5. It defaults to 30
if this variable is not set.
o Auth_Handler
The path of authentication handler. This is the
URL which request with invalid cookie are
redirected to. The handler will prompt for
username and passcode. It does the actual
authentication and sets the initial cookie. This
mechanism is used instead of get_basic_auth_pw
because get_basic_auth_pw will do multiple
authentication attempt on pages that contain
frames. The ACE server will deny simultaneous
authentication attempts since it considers this a
type of attack. It defaults to /ace_init if this
variable is not set. Please see
Apache::AuthenSecurID::Auth to properly configure
this functionality.
CONFIGURATION
The module should be loaded upon startup of the Apache
daemon. Add the following line to your httpd.conf:
PerlModule Apache::AuthenSecurID
PREREQUISITES
For AuthenSecurID you need to enable the appropriate call-
back hook when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1
AuthenSecurID requires Crypt::Blowfish and Crypt::CBC.
SEE ALSO
the Apache manpage, the mod_perl manpage, the Authen::ACE
manpage the Apache::AuthenSecurID::Auth manpage
AUTHORS
o mod_perl by Doug MacEachern <dougm@@osf.org>
o Authen::ACE by Dave Carrigan
<Dave.Carrigan@@iplenergy.com>
o Apache::AuthenSecurID by David Berk <dberk@@lump.org>
COPYRIGHT
The Apache::AuthenSecurID module is free software; you can
redistribute it and/or modify it under the same terms as
Perl itself.
Apache::AuthenSecurID::Auth(3)curID::Auth(3)
NAME
Apache::AuthenSecurID::Auth - Authentication handler for
Apache::AuthenSecurID
SYNOPSIS
# Configuration in httpd.conf
<Location /path/of/authentication/handler>
SetHandler perl-script
PerlHandler Apache::AuthenSecurID::Auth
PerlSetVar AuthCryptKey Encryption_Key
PerlSetVar AuthCookie Name_of_Authentication_Cookie
PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
PerlSetVar AuthCookiePath /path/of/authentication/cookie
PerlSetVar AuthApacheCookie Apache_Cookie
( run in 1.561 second using v1.01-cache-2.11-cpan-df04353d9ac )