view release on metacpan or  search on metacpan

generic_reg_auth_scheme.txt  view on Meta::CPAN

$Id: generic_reg_auth_scheme.txt,v 1.1.1.1 2003/10/10 20:13:33 jacob Exp $
30 March 2000
matisse

DRAFT DRAFT DRAFT

Generic Auth/Reg Feature List

Must be installable and configurable by someone with only basic Perl and
Apache skills. E.g. only slightly more involved than setting up BasicAuth
and writing a simple CGI program.

Jacob>  This could be accomplished by making a little script to install
        the necessary CGI scripts and stuff.

Configuration features:
In global section of virtualhost:
	PerlModule Apache::AuthCookieDBI
	PerlSetVar AuthNamePath /

	# this login script must use another cookie to set the destination
	# and we probably need to hack authcookie to look at the cookie
	# too.  the action should be /LOGIN.  the alternative is to always
	# make the login scripts look at the cookie if they don't get it in
	# the hidden field, which is probably right.
	PerlSetVar AuthNameLoginScript /cgi-bin/ACD/login

	# don't know if this is worth implementing, need to re-authenticate
	# and regenerate the token with every hit (or maybe we can just trust
	# the previous one and just update the expire time and rebuild
	# the MD5 checksum; probably requires hacks to AuthCookie either way).
	PerlSetVar AuthNameCookieExpirePolicy [ renew | time-to-live ]

	# or we could do it on the server side by updating a last-visit
	# table with every hit (ouch).  if we don't have this we use the time
	# in the cookie'd info, if we do have this we use that ticket as a key
	# into this database to see when their last hit was.
	PerlSetVar AuthNameDBI_SessionTable tablename
	# do we need more stuff on the field names and blah blah?

	# this determines how long the cookie is good for (ie how long
	# after the MD5'd date in the cookie (or the last entry in the session
	# database if we use one) we still take it)
 	PerlSetVar AuthNameDBI_SessionLifetime [ forever | time-to-live ]
	# time-to-live is formatted as a time delta:
	# 01-00-00-00-00 - 1 day.
	# 00-01-00-00-00 - 1 hour.
	# 00-00-15-00-00 - 15 minute

	# this is probably set by AuthCookie somewhere.
	PerlSetVar AuthNameCookieName name-of-cookie

	# this is the key we use in the MD5'd checksum.  root should change
	# this every day because it has to be nobody-readable and is therefore
	# not all that secure.
	PerlSetVar AuthNameDBI_SecretKeyfile /path/to/secret/key

In <Directory> or <Location> sections (server config or .htaccess):
	AuthType Apache::AuthCookieDBI
	# set this to whatever, but the PerlSetVar's must match it.
	AuthName AuthName
	PerlAuthenHandler Apache::AuthCookieDBI->authenticate
	PerlAuthzHandler Apache::AuthCookieDBI->authorize
	Require [ valid-user, user username, group groupname ]

	# you must set this.
	PerlSetVar AuthNameDBI_DSN databasename

	# all these are optional.
	PerlSetVar AuthNameDBI_User username # default undef
	PerlSetVar AuthNameDBI_Password password # default undef
	PerlSetVar AuthNameDBI_UsersTable tablename # default 'users'
	PerlSetVar AuthNameDBI_UserField fieldname # default 'user'
	PerlSetVar AuthNameDBI_PasswordField fieldname # default 'password'
	PerlSetVar AuthNameDBI_CryptType [ none, crypt, MD5 ] # default 'none'
	PerlSetVar AuthNameDBI_GroupsTable tablename # default 'groups'
	PerlSetVar AuthNameDBI_GroupField fieldname # default 'group'