view release on metacpan or  search on metacpan

lib/Apache/AuthDBI.pm  view on Meta::CPAN

tilde ('~') separated list of several data_sources. All of these triples will
be used until a successful connect is made. This way several backup-servers
can be configured. if you want to use the environment variable DBI_DSN
instead of a data_source, do not specify this parameter at all.

=item * Auth_DBI_username (Authentication and Authorization)

The username argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~') separated list.
See the data_source parameter above for the usage of a list.

=item * Auth_DBI_password (Authentication and Authorization)

The password argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~')  separated list.
See the data_source parameter above for the usage of a list.

=item * Auth_DBI_pwd_table (Authentication and Authorization)

Contains at least the fields with the username and the (possibly encrypted)
password. The username should be unique.

=item * Auth_DBI_uid_field (Authentication and Authorization)

Field name containing the username in the Auth_DBI_pwd_table.

=item * Auth_DBI_pwd_field (Authentication only)

Field name containing the password in the Auth_DBI_pwd_table.

=item * Auth_DBI_pwd_whereclause (Authentication only)

Use this option for specifying more constraints to the SQL-select.

=item * Auth_DBI_grp_table (Authorization only)

Contains at least the fields with the username and the groupname.

=item * Auth_DBI_grp_field (Authorization only)

Field-name containing the groupname in the Auth_DBI_grp_table.

=item * Auth_DBI_grp_whereclause (Authorization only)

Use this option for specifying more constraints to the SQL-select.

=item * Auth_DBI_log_field (Authentication only)

Field name containing the log string in the Auth_DBI_pwd_table.

=item * Auth_DBI_log_string (Authentication only)

String to update the Auth_DBI_log_field in the Auth_DBI_pwd_table. Depending
upon the database this can be a macro like 'TODAY'.

=item * Auth_DBI_authoritative  < on / off> (Authentication and Authorization)

Default is 'on'. When set 'on', there is no fall-through to other
authentication methods if the authentication check fails. When this directive
is set to 'off', control is passed on to any other authentication modules. Be
sure you know what you are doing when you decide to switch it off.

=item * Auth_DBI_nopasswd  < on / off > (Authentication only)

Default is 'off'. When set 'on' the password comparison is skipped if the
password retrieved from the database is empty, i.e. allow any password.
This is 'off' by default to ensure that an empty Auth_DBI_pwd_field does not 
allow people to log in with a random password. Be sure you know what you are 
doing when you decide to switch it on.

=item * Auth_DBI_encrypted  < on / off > (Authentication only)

Default is 'on'. When set to 'on', the password retrieved from the database
is assumed to be crypted. Hence the incoming password will be crypted before
comparison. When this directive is set to 'off', the comparison is done
directly with the plain-text entered password.

=item *
Auth_DBI_encryption_method < sha1hex/md5hex/crypt > (Authentication only)

Default is blank. When set to one or more encryption method, the password
retrieved from the database is assumed to be crypted. Hence the incoming
password will be crypted before comparison.  The method supports falling
back so specifying 'sha1hex/md5hex' would allow for a site that is upgrading 
to sha1 to support both methods.  sha1 is the recommended method.

=item * Auth_DBI_encryption_salt < password / userid > (Authentication only)

When crypting the given password AuthDBI uses per default the password
selected from the database as salt. Setting this parameter to 'userid',
the module uses the userid as salt.

=item *
Auth_DBI_uidcasesensitive  < on / off > (Authentication and Authorization)

Default is 'on'. When set 'off', the entered userid is converted to lower case.
Also the userid in the password select-statement is converted to lower case.

=item * Auth_DBI_pwdcasesensitive  < on / off > (Authentication only)

Default is 'on'. When set 'off', the entered password is converted to lower
case.

=item * Auth_DBI_placeholder < on / off > (Authentication and Authorization)

Default is 'off'.  When set 'on', the select statement is prepared using a
placeholder for the username.  This may result in improved performance for
databases supporting this method.

=back

=head1 CONFIGURATION

The module should be loaded upon startup of the Apache daemon.
Add the following line to your httpd.conf:

 PerlModule Apache::AuthDBI

A common usage is to load the module in a startup file via the PerlRequire
directive. See eg/startup.pl for an example.

There are three configurations which are server-specific and which can be done
in a startup file:

 Apache::AuthDBI->setCacheTime(0);

This configures the lifetime in seconds for the entries in the cache.
Default is 0, which turns off the cache. When set to any value n > 0, the
passwords/groups of all users will be cached for at least n seconds. After