view release on metacpan or  search on metacpan

ace_initd  view on Meta::CPAN

my $rand;

while ( $server->recv($mesg, 1024) ) {
   $mesg = $crypt->decrypt_hex ( $mesg );
   my ( $rand, $request, $type, $username, $passcode ) = split /\:/, $mesg;
      eval {
       if ( ! $ACE{$request} ) {
       $ACE{$request} = new Authen::ACE;
       }
       if ( $type eq "check" ) {
       ($result,$info) = $ACE{$request}->Check($passcode,$username);
       }
       if ( $type eq "next" ) {
       ($result,$info) = $ACE{$request}->Next($passcode);
        }
       if ( $type eq "pin" ) {
       ($result,$info) = $ACE{$request}->PIN($passcode);
       }
       if ( $result != 5 && $result != 2 ) {
       delete $ACE{$request};
    } 
      };
   if ( $@ ) {
    $result = 1;       
       syslog ( 'err', "$type $username $result via exception");
   }

    syslog ( 'info', "$type $username $result" );
    if ( $result ) {
           $mesg = "$rand:$result:$$info{system_pin}:$$info{min_pin_len}:$$info{max_pin_len}:$$info{alphanumeric}:$$info{user_selectable}";
    } else {
        $mesg = "$rand:$result:::::";
    }
   $mesg = $crypt->encrypt_hex ( $mesg );
   $server->send ($mesg);
}

sub write_pidfile {
    my $file = shift;
    return unless $file;
    open( PID, "> $file" )
        || die "could not open pidfile \"$pidfile\" for writing: $!";
    print PID $$;
    close PID;
}


__END__

=head1 NAME

ace_initd -  ACE Authentication daemon for Apache::AuthenSecurID::Auth 

=head1 SYNOPSIS

nohup ./ace_initd --listen=127.0.0.1 --facility=local2 --secret=123456 --port=1969 --var_ace=/var/ace

=head1 DESCRIPTION

This daemon handles the ACE authentication requests for the 
Apache::SecurID::Auth module.  It is a single threaded, single
fork server that listens on a specified UDP port.  Incoming requests
are decrypted and requests forwarded to the ACE server.  If a specific
request is in either in NEXT TOKEN MODE or SET PIN MODE the Authen::ACE
object is not deleted.  It is instead kept in memory to handle those
specific requests later.

=head1 LIST OF TOKENS


=item *
--var_ace

Specifies the location of the F<sdconf.rec> file.  It defaults to 
F<$ENV{VAR_ACE}> if this variable is not set.

=item *
--secret

The Blowfish key used to encrypt and decrypt the authentication cookie. 
It defaults to F<my secret> if this variable is not set.

=item *
--port

The port the that the Ace request daemon listens on.  It defaults to F<1969> 
if this variable is not set.

=item *
--facility

The syslog facility ace_initd logs to.  It defaults to F<local2> 
if this variable is not set.

=item *
--daemon

Break off from the shell and become a daemon.

=head1 CONFIGURATION

Either run from the command line;

prompt$ nohup ./ace_initd &

or write the appropriate scripts in the /etc/rc directories.

=head1 PREREQUISITES

ace_initd requires Crypt::Blowfish, Crypt::CBC and Authen::ACE.

=head1 SEE ALSO

L<Authen::ACE> L<Apache::AuthenSecurID> L<Apache::AuthenSecurID::Auth>

=head1 AUTHORS

=item *
mod_perl by Doug MacEachern <dougm@osf.org>

=item *