Result:
found more than 505 distributions - search limited to the first 2001 files matching your query
( run in 0.922 )
Apache2-AuthPAM
view release on metacpan or search on metacpan
my $r = shift;
# check first request
return OK unless $r->is_initial_req;
# get user password
my ($rc, $pw) = $r->get_basic_auth_pw;
# decline if not basic
return $rc if $rc;
or locations in your web server filesystem space.
Apache2::AuthPAM works as follows:
calls pam_start with the selected service.
calls pam_authenticate with the browser/apache supplied username and password.
calls pam_acct_mgmt.
calls pam_end.
If any of the PAM functions fail, Apache2::AuthPAM logs an info level message and returns C<AUTH_REQUIRED>.
If all PAM functions are succesfull, Apache2::AuthPAM logs an info level message and returns C<OK>.
Remember that if you don't use https (SSL) then your username and password is
transmitted on the network in plain text with each request. So if you are going
to use your system password database, you B<MUST> also use B<mod_ssl> or you
accounts will be easily compromised.
=head1 BUGS
Apache2::AuthPAM is running as the same user mod_perl is running
Apache2-AuthTicketLDAP
view release on metacpan or search on metacpan
AuthTicketLDAP.pm view on Meta::CPAN
return undef;
}
sub check_credentials {
my ($self, $user, $password) = @_;
my ($entry, $mesg);
# 1) check_ldap_cache for UID entry. Avoids anonymous search.
# 2) if not in cache, run a search and cache the result
# 3) lastly, bind with supplied password.
$entry = $self->ldap_cache($user) or return 0;
$mesg = $self->ldap->bind($entry->dn(), password => $password)
or die "$@";
if (!$mesg->is_error()) {
return 1;
}
AuthTicketLDAP.pm view on Meta::CPAN
against an LDAP database. It also implements I<CHI>-based, mmap'd file caching
of LDAP entries and SELECT queries.
Further differences between the two modules include:
1) Custom dbi_connect, supporting:
a) passwordless local connections
b) AutoCommit via TicketDBAutoCommit option
c) a couple of Informix-specific options (ISOLATION and LOCK MODE)
2) Use SHA512 instead of MD5 for digests
3) Support "require ldap_attribute myAttrib=Foo"
4) TicketThreshold: Only update database when a ticket timestamp is at least
AuthTicketLDAP.pm view on Meta::CPAN
an illusion -- cached files are only mapped into memory once.
LDAP authentication processing works similarly to mod_ldap/mod_authnz_ldap.
1) An anonymous search looks up a user on the LDAP server.
Returns 403 if unsuccessful. Otherwise, the entry is cached.
2) That user's LDAP entry DN and password is used to bind to
the server. Returns 403 if unsuccessful, OK if successful.
On the database side, everything works the same as I<Apache2::AuthTicket> except
that users are authenticated and authorized with LDAP instead.
Apache2-AuthZLDAP
view release on metacpan or search on metacpan
lib/Apache2/AuthZLDAP.pm view on Meta::CPAN
PerlSetVar LDAPTLScapath /path/to/cadir
# Set to a file that contains the CA cert
PerlSetVar LDAPTLScafile /path/to/cafile.pem
# Specifies a user/password to use for the bind
# If LDAPuser is not specified, AuthZLDAP will attempt an anonymous bind
PerlSetVar LDAPuser cn=user,o=org
PerlSetVar LDAPpassword secret
# Sets the LDAP search scope
# (base|one|sub)
# Defaults to sub
PerlSetVar LDAPscope sub
lib/Apache2/AuthZLDAP.pm view on Meta::CPAN
$LDAPTLS="no";
}
## bind
my $LDAPuser = $r->dir_config('LDAPuser');
my $LDAPpassword = $r->dir_config('LDAPpassword');
## baseDN and Filters
my $LDAPbaseDN = $r->dir_config('LDAPbaseDN');
my $LDAPscope = lc($r->dir_config('LDAPscope'));
my $LDAPfilter = $r->dir_config('LDAPfilter');
lib/Apache2/AuthZLDAP.pm view on Meta::CPAN
$r->log_error("Apache2::AuthZLDAP : $location, LDAP error could not start TLS : ".$mesg->error);
}
return Apache2::Const::HTTP_UNAUTHORIZED;
}
## user password bind if configured else anonymous
if (defined $LDAPuser and defined $LDAPpassword){
$mesg = $session->bind($LDAPuser,password=>$LDAPpassword);
}else{
$mesg = $session->bind();
}
if($mesg->code){
Apache2-AuthZSympa
view release on metacpan or search on metacpan
lib/Apache2/AuthNSympa.pm view on Meta::CPAN
'servers' => [ $cacheserver ],
'namespace' => 'AuthNSympa',
};
##collect informations from connection
my ($status, $password) = $r->get_basic_auth_pw;
$mail_user = $r->user;
unless ($status == Apache2::Const::OK){
$r->note_basic_auth_failure;
return $status
}
unless ($mail_user && $password){
$r->note_basic_auth_failure;
return Apache2::Const::AUTH_REQUIRED;
}
## key generation for cache : md5($mail_user + server name) -> prevents from errors when updating
my $user_key = md5_hex($mail_user.$SympaSoapServer);
my $hash_pass = md5_hex($password);
if (defined $cache){
my $cache_pass = $cache->get($user_key);
$cache_pass |= "";
if ($cache_pass eq $hash_pass){
return Apache2::Const::OK;
}
}
## authentify using SympaSoapServer
unless($soap->login($mail_user,$password)){
$r->note_basic_auth_failure;
return Apache2::Const::DECLINED;
}else{
$response=$soap->login($mail_user,$password);
}
## verify if error during soap service request
if ($soap_error==1){
my ($type_error,$detail) = &traite_soap_error($soap, $soap_res);
Apache2-Authen-Passphrase
view release on metacpan or search on metacpan
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
our $VERSION = 0.002002;
use constant USER_REGEX => qr/^\w{2,20}$/pas;
use constant PASSPHRASE_VERSION => 1;
use constant INVALID_USER => "invalid-user\n";
use constant BAD_PASSWORD => "bad-password\n";
use if $ENV{MOD_PERL}, 'Apache2::RequestRec';
use if $ENV{MOD_PERL}, 'Apache2::RequestUtil';
use if $ENV{MOD_PERL}, 'Apache2::Access';
use if $ENV{MOD_PERL}, 'Apache2::Const' => qw/OK HTTP_UNAUTHORIZED/;
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
=head1 SYNOPSIS
use Apache2::Authen::Passphrase qw/pwcheck pwset pwhash/;
$Apache2::Authen::Passphrase::rootdir = "/path/to/user/directory"
my $hash = pwhash $username, $password;
pwset $username, "pass123";
eval { pwcheck $username, "pass123" };
# In Apache2 config
<Location /secret>
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
=head1 DESCRIPTION
Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
The password hashes are stored in YAML files in an directory (called the C<rootdir>), one file per user.
Set the C<rootdir> like this:
$Apache2::Authen::Passphrase::rootdir = '/path/to/rootdir';
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
=over
=item B<pwhash>()
Takes the password as a single argument and returns the password hash.
=item B<pwset>(I<$username>, I<$password>)
Sets the password of $username to $password.
=item B<pwcheck>(I<$username>, I<$password>)
Checks the given username and password, throwing an exception if the username is invalid or the password is incorrect.
=item B<handler>
The PerlAuthenHandler for use in apache2. It uses Basic Access Authentication.
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
Exception thrown if the username does not match C<USER_REGEX>.
=item B<BAD_PASSWORD>
Exception thrown if the password is different from the one stored in the user's yml file.
=item B<PASSPHRASE_VERSION>
The version of the passphrase. It is incremented each time the passphrase hashing scheme is changed. Versions so far:
Apache2-AuthenDBMCache
view release on metacpan or search on metacpan
AuthenDBMCache.pm view on Meta::CPAN
dbmclose(%DBM);
}
# squish userid, password, config and realm into a hash
sub Digest {
use Digest::MD5;
my ($string)=Digest::MD5->md5_hex(@_);
AuthenDBMCache.pm view on Meta::CPAN
sub handler {
my $r = shift;
my $tmp;
# Get response and password
my($status, $passwd) = $r->get_basic_auth_pw;
return Apache2::Const::OK unless $r->is_initial_req;
return $status unless ($status == Apache2::Const::OK); # e.g. HTTP_UNAUTHORIZED
# Get configuration... are we debugging?
AuthenDBMCache.pm view on Meta::CPAN
# Get all parameters -- current config (to limit cache poison).
my $config=$r->dir_config(); $config=join(":",%$config);
# construct a unique key for userid/realm/config/password
my $key = Digest("$user $realm $config $passwd");
$r->log->debug("handler: user=$user") if $debug;
AuthenDBMCache.pm view on Meta::CPAN
$r->log->debug("handler: user cache stale") if $debug;
$r->push_handlers(PerlFixupHandler => \&manage_cache);
return Apache2::Const::DECLINED;
}
# Hash hasn't expired, password is ok, clear the stacked handlers
$r->log->debug("handler: $user cache hit") if $debug;
$r->set_handlers(PerlAuthenHandler => undef);
return Apache2::Const::OK;
}
AuthenDBMCache.pm view on Meta::CPAN
my $ttl = $r->dir_config('AuthenDBMCache_TTL') || 3600;
my $debug = (lc($r->dir_config('AuthenDBMCache_Debug')) eq 'on');
$cache=$tmp if ($tmp = $r->dir_config('AuthenDBMCache_file'));
# Get response and password
my ($status, $passwd) = $r->get_basic_auth_pw;
# Get username and Realm
AuthenDBMCache.pm view on Meta::CPAN
# Get all parameters -- current config
my $config=$r->dir_config(); $config=join(":",%$config);
# construct a unique key for userid/realm/config/password
my $key = Digest("$user $realm $config $passwd");
$r->log->debug("manage_cache: user=$user") if $debug;
AuthenDBMCache.pm view on Meta::CPAN
methods but it can be used with any perl authentication module).
When a authorization request is received this handler uses a DBM data
base cache to answer the request. Each entry in the cache is indexed
by a key which is a hash of user name, the authentication "realm", the
authentication parameters and the password. The value at the key is an
expiration date. If the supplied user name and password hash to a key
which exists and has not expired then the handler returns OK and
clears the downstream Authen handlers from the stack. Otherwise, it
returns DECLINED and allows the next PerlAuthenHandler in the stack to
be called.
AuthenDBMCache.pm view on Meta::CPAN
A caching mechanism is vulnerable to cache-poisoning -- we have made
an effort to prevent that but you should be cautious. Especially on
multi-user systems with users who aren't trustworthy.
The cache is not indexed by "userid" and the key is a one way hash
that includes the userid, password and more -- that is intentional. We
don't want bad guys cracking passwords out of the cache.
=head1 SEE ALSO
httpd(8), mod_perl2(1), Digest::MD5
Apache2-AuthenMSAD
view release on metacpan or search on metacpan
AuthenMSAD.pm view on Meta::CPAN
my $r = shift;
# Continue only if the first request.
# return OK unless $r->is_initial_req;
# Grab the password, or return in HTTP_UNAUTHORIZED
my ($res, $pass) = $r->get_basic_auth_pw;
return $res if $res;
my $user = $r->user;
AuthenMSAD.pm view on Meta::CPAN
my $domain = $r->dir_config('MSADDomain') || "no-domain";
my $server = $r->dir_config('MSADServer') || $domain;
if ($pass eq "") {
$r->note_basic_auth_failure;
$r->log_reason("user - no password supplied",$r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
if ($user eq "") {
$r->note_basic_auth_failure;
AuthenMSAD.pm view on Meta::CPAN
$r->note_basic_auth_failure;
$r->log_reason("user - MSAD LDAP Connect Failed",$r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
my $result= $ldap->bind (dn => "$user\@$domain", password => $pass);
if (!$result || ($result && $result->code)) {
$r->note_basic_auth_failure;
$r->log_reason("user - Active Directory Authen Failed",$r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
AuthenMSAD.pm view on Meta::CPAN
It was tested in an production environment to work perfectly.
=head1 BEWARE
This builds on the Net::LDAP interface and as such passes the userid
and password in the clear. We've not been able to get Net::LDAPS to
work with Microsoft Active Directory. If anyone else has we'd dearly
love to hear from them.
=head1 AUTHOR
Apache2-AuthenNIS
view release on metacpan or search on metacpan
lib/Apache2/AuthenNIS.pm view on Meta::CPAN
was a direct adaptation of Michael Parker's (B<parker@austx.tandem.com>)
Apache::AuthenSmb module.
The module uses Net::NIS::yp_match to retrieve the "passwd" entry from the
passwd.byname map, using the supplied username as the search key. It then
uses crypt() to verify that the supplied password matches the retrieved
hashed password.
=head2 Parameters
=over 4
lib/Apache2/AuthenNIS.pm view on Meta::CPAN
if ( lc( $allowaltauth ) eq "yes" ) {
return Apache2::Const::DECLINED;
}
else {
$r->note_basic_auth_failure;
$r->log_error( __PACKAGE__, " - user $name: bad password", $r->uri );
return Apache2::Const::HTTP_UNAUTHORIZED;
}
}
return Apache2::Const::OK;
Apache2-AuthenNTLM-Cookie
view release on metacpan or search on metacpan
lib/Apache2/AuthenNTLM/Cookie.pm view on Meta::CPAN
This module extends L<Apache2::AuthenNTLM> with a cookie mechanism.
The parent module L<Apache2::AuthenNTLM> performs user authentication
via Microsoft's NTLM protocol; thanks to this mechanism, users are
automatically recognized from their Windows login, without having to
type a username and password. The server does not have to be a Windows
machine : it can be any platform, provided that it has access to a
Windows domain controller. On the client side, both Microsoft
Internet Explorer and Mozilla Firefox implement the NTLM protocol.
The NTLM handshake involves several packet exchanges, and furthermore
Apache2-AuthenNTLM
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
print STDERR "[$$] AuthenNTLM: Verify user $self->{username} via smb server\n" if ($debug) ;
if ($self -> {basic})
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {password}) ;
}
else
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {usernthash}, 1, $self->{userdomain}) ;
}
AuthenNTLM.pm view on Meta::CPAN
$self -> {smbhandle} = undef ;
$self -> {lock} = undef ;
if ($rc == &Authen::Smb::NTV_LOGON_ERROR)
{
$r->log_error("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for " . $r -> uri) ;
print STDERR "[$$] AuthenNTLM: rc = $rc ntlmhash = $self->{usernthash}\n" if ($debug) ;
return ;
}
if ($rc)
AuthenNTLM.pm view on Meta::CPAN
sub get_basic
{
my ($self, $r, $data) = @_ ;
($self -> {username}, $self -> {password}) = split (/:/, $data) ;
my ($domain, $username) = split (/\\|\//, $self -> {username}) ;
if ($username)
{
$self -> {domain} = $domain ;
AuthenNTLM.pm view on Meta::CPAN
The purpose of this module is to perform a user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is built from the user's password
and the nonce. This makes sure that no password goes over the wire in plain text.
The main advantage of the Perl implementation is, that it can be easily extended
to verify the user/password against other sources than a windows domain controller.
The defaultf implementation is to go to the domain controller for the given domain
and verify the user. If you want to verify the user against another source, you
can inherit from Apache2::AuthenNTLM and override it's methods.
To support users that aren't using Internet Explorer, Apache2::AuthenNTLM can
AuthenNTLM.pm view on Meta::CPAN
=item $self -> {username}
The username
=item $self -> {password}
The password when doing basic authentication
=item $self -> {usernthash}
The md4 hash when doing ntlm authentication
Apache2-AuthenRadius
view release on metacpan or search on metacpan
AuthenRadius.pm view on Meta::CPAN
use APR::SockAddr;
use Authen::Radius;
$VERSION = '0.9';
# Create my own method to check a password
# The Authen::Radius->check_pwd method was too restrictive
# to use. We needed a function that returned all possible
# values.
sub chk_passwd {
my ($rad, $uname, $upwd, $nas) = @_;
AuthenRadius.pm view on Meta::CPAN
return OK unless $r->is_initial_req();
my $reqs_arr = $r->requires;
return OK unless $reqs_arr;
# Grab the password, or return if HTTP_UNAUTHORIZED
my($res,$pass) = $r->get_basic_auth_pw;
return $res if $res;
# Get the user name.
my $user = $r->user;
AuthenRadius.pm view on Meta::CPAN
my $secret2 = $r->dir_config("Auth_Radius_secret2");
# Timeout to wait for a response from the radius server.
my $timeout = $r->dir_config("Auth_Radius_timeout") || 5;
# Sanity for usernames and passwords.
if (length $user > 64 or $user =~ /[^A-Za-z0-9\@\.\-\_\#\:]/) {
$r->log_reason("Apache2::AuthenRadius username too long or"
."contains illegal characters. URI:", $r->uri);
$r->note_basic_auth_failure;
return HTTP_UNAUTHORIZED;
AuthenRadius.pm view on Meta::CPAN
if ($r->dir_config("Auth_Radius_postfixToUsername")) {
$user .= $r->dir_config("Auth_Radius_postfixToUsername");
}
if (length $pass > 256) {
$r->log_reason("Apache2::AuthenRadius password too long. URI:",$r->uri);
$r->note_basic_auth_failure;
return HTTP_UNAUTHORIZED;
}
# Create the object for the primary RADIUS query
AuthenRadius.pm view on Meta::CPAN
Auth_Radius_prependToUsername
Prefix's a string to the beginning of the user name that is sent to
the Radius Server. This would typically be in the form of REALM/ or
REALM%. Most Radius servers support prefixed or suffixed realms and
so allow for different user name / password lists.
You can both postfix and prefix a realm at the same time. Your
radius server might not deal with it very well.
=item *
Auth_Radius_postfixToUsername
Postfix's a string to the end of the user name that is sent to
the Radius Server. This would typically be in the form of @REALM or
%REALM. Most Radius servers support prefixed or suffixed realms and
so allow for different user name / password lists.
You can both postfix and prefix a realm at the same time. Your
radius server might not deal with it very well.
=head1 CONFIGURATION
Apache2-AuthenSecurID
view release on metacpan or search on metacpan
Auth/Auth.pm view on Meta::CPAN
6 digit SecurID code. If you do not have<br/>
a PIN yet just enter the 6 digit SecurID code.
};
$extra_input = qq{
<label for="passcode">Passcode :</label>
<input type="password" name="passcode" id="passcode"/>
<input type="hidden" name="type" value="check"/>
<input type="hidden" name="a" value="$uri"/>
};
}
else {
Auth/Auth.pm view on Meta::CPAN
my $message;
my $extra_info = qq{
<span style="font-weight: bold;">User Authenticated</span>
<label for="pin1">PIN :</label>
<input type="password" name="pin1" id="pin1"/>
<input type="hidden" name="type" value="pin"/>
<input type="hidden" name="a" value="$uri"/>
<input type="hidden" name="alphanumeric" value="$alphanumeric"/>
<input type="hidden" name="min_pin_len" value="$min_pin_len"/>
<input type="hidden" name="max_pin_len" value="$max_pin_len"/>
<label for="pin1">PIN ( Again ) :</label>
<input type="password" name="pin2" id="pin2"/>
};
if ( $pin1 != $pin2 ) {
$message = qq{
<span style="font-weight: bold;">New Pin Required</span>
Auth/Auth.pm view on Meta::CPAN
my ( $result, $info, $r, $crypt, $req, $username ) = @_;
my $message;
my $uri = $req->param('a');
my $extra_input = qq{
<label for="passcode">Passcode :</label>
<input type="password" name="passcode" id="passcode"/>
<input type="hidden" name="type" value="check"/>
<input type="hidden" name="a" value="$uri"/>
};
my $time = time();
Auth/Auth.pm view on Meta::CPAN
the 6 digit SecurID token code.
</p>
};
$extra_input = qq{
<label for="passcode">Passcode :</label>
<input type="password" name="passcode" id="passcode"/>
<input type="hidden" name="type" value="next"/>
<input type="hidden" name="a" value="$uri"/>
};
}
elsif ( $result == 5 ) {
Auth/Auth.pm view on Meta::CPAN
Please enter a $$info{min_pin_len} to $$info{max_pin_len} digit pin.
</p>
|;
$extra_input = qq|
<label for="pin1">PIN :</label>
<input type="password" name="pin1" id="pin1"/>
<input type="hidden" name="type" value="pin"/>
<input type="hidden" name="a" value="$uri"/>
<input type="hidden" name="alphanumeric" value="$$info{alphanumeric}"/>
<input type="hidden" name="min_pin_len" value="$$info{min_pin_len}"/>
<input type="hidden" name="max_pin_len" value="$$info{max_pin_len}"/>
<label for="pin1">PIN ( Again ) :</label>
<input type="password" name="pin2" id="pin2"/>
|;
}
else {
$message = qq|
Apache2-AuthenSmb
view release on metacpan or search on metacpan
AuthenSmb.pm view on Meta::CPAN
$bdc,
$domain);
unless($return == 0) {
$r->note_basic_auth_failure;
$r->log_error("user $name: password mismatch", $r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
unless (@{ $r->get_handlers("PerlAuthzHandler") || []}) {
$r->push_handlers(PerlAuthzHandler => \&authz);
Apache2-AuthzNIS
view release on metacpan or search on metacpan
lib/Apache2/AuthzNIS.pm view on Meta::CPAN
=head2 Apache2::AuthenNIS vs. Apache2::AuthzNIS
The following comments are from Apache::AuthzNIS.
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenNIS with the B<require user> and B<require valid-user>
directives. In the NIS context I consider B<require group> to be an
"authorization" concern. I.e., Group authorization consists of
establishing whether the already authenticated user is a member of one of
the indicated groups in the B<require group> directive. This process may
Apache2-ClickPath
view release on metacpan or search on metacpan
lib/Apache2/ClickPath.pm view on Meta::CPAN
C<ClickPathSecret> is given as C<http:>, C<https:>, C<file:> or C<data:> URL.
Thus the secret can be stored directly as data-URL in the httpd.conf or in a
separate file on the local disk or on a possibly secured server. To enable
all modes of accessing the WEB the http(s)-URL syntax is a bit extented.
Maybe you have already used C<http://user:password@server.tld/...>. Many
browsers allow this syntax to specify a username and password for HTTP
authentication. But how about proxies, SSL-authentication etc? Well, add
another colon (:) after the password and append a semicolon (;) delimited
list of C<key=value> pairs. The special characters (@:;\) can be quoted
with a backslash (\). In fact, all characters can be quoted. Thus, C<\a> and
C<a> produce the same string C<a>.
The following keys are defined:
lib/Apache2/ClickPath.pm view on Meta::CPAN
=item B<https_proxy>
=item B<https_proxy_username>
=item B<https_proxy_password>
=item B<https_version>
=item B<https_cert_file>
lib/Apache2/ClickPath.pm view on Meta::CPAN
=item B<https_ca_dir>
=item B<https_pkcs12_file>
=item B<https_pkcs12_password>
their meaning is defined in L<Crypt::SSLeay>.
=item B<http_proxy>
=item B<http_proxy_username>
=item B<http_proxy_password>
these are passed to L<LWP::UserAgent>.
Remember a HTTP-proxy is accessed with the GET or POST, ... methods whereas
a HTTPS-proxy is accessed with CONNECT. Don't mix them, see L<Crypt::SSLeay>.
lib/Apache2/ClickPath.pm view on Meta::CPAN
B<Examples>
ClickPathSecret https://john:a\@b\;c\::https_ca_file=/my/ca.pem@secrethost.tld/bin/secret.pl?host=me
fetches the secret from C<https://secrethost.tdl/bin/secret.pl?host=me>
using C<john> as username and C<a@b;c:> as password. The server certificate
of secrethost.tld is verified against the CA certificate found in
C</my/ca.pem>.
ClickPathSecret https://::https_pkcs12_file=/my/john.p12;https_pkcs12_password=a\@b\;c\:;https_ca_file=/my/ca.pem@secrethost.tld/bin/secret.pl?host=me
fetches the secret again from C<https://secrethost.tdl/bin/secret.pl?host=me>
using C</my/john.p12> as client certificate with C<a@b;c:> as password.
The server certificate of secrethost.tld is again verified against the CA
certificate found in C</my/ca.pem>.
ClickPathSecret data:,password:very%20secret%20password
here a data-URL is used that produces the content
C<password:very secret password>.
The URL's content is fetched by L<LWP::UserAgent> once at server startup.
Its content defines the secret either in binary form or as string of
hexadecimal characters or as a password. If it starts with C<binary:> the
rest of the content is taken as is as the key. If it starts with C<hex:>
C<pack( 'H*', $arg )> is used to convert it to binary. If it starts with
C<password:> or with neither of them the MD5 digest of the rest of the
content is used as secret.
The Blowfish algorithm allows up to 56 bytes as secret. In hex and binary
mode the starting 56 bytes are used. You can specify more bytes but they
won't be regarded. In password mode the MD5 algorithm produces
16 bytes long secret.
=back
=head2 Working with a load balancer
Apache2-Controller
view release on metacpan or search on metacpan
lib/Apache2/Controller/Directives.pm view on Meta::CPAN
},
{
name => 'A2C_DBI_Password',
req_override => Apache2::Const::OR_ALL,
args_how => Apache2::Const::TAKE1,
errmsg => 'example: A2C_DBI_Password database_password',
},
{
name => 'A2C_DBI_Options',
req_override => Apache2::Const::OR_ALL,
args_how => Apache2::Const::ITERATE2,
lib/Apache2/Controller/Directives.pm view on Meta::CPAN
=head2 A2C_DBI_Password
A2C_DBI_Password jeebee
Single argument, the DBI password.
=cut
sub A2C_DBI_Password {
my ($self, $parms, $password) = @_;
($password) = $password =~ m{ \A (.*) \z }mxs;
$self->{A2C_DBI_Password} = $password;
}
=head2 A2C_DBI_Options
Multiple arguments.
Apache2-Dummy-RequestRec
view release on metacpan or search on metacpan
RequestRec.pm view on Meta::CPAN
my $result = $ct =~ /json/i ? from_json(unescapeURIString($body)) : $body;
ok(Compare($result, $exp_res), "body");
}
test_http_handler('My::Apache::Request::handler', { redirect => "https://localhost/" }, 55, 'application/json', login => 'mylogin', password => 'mypasswd');
=head1 DESCRIPTION
B<Apache2::Dummy::RequestRec> can be used to test Apache2 mod_perl request handlers without an actual web server running. The difference to other similar modules is, that it uses L<APR::Table> and L<APR::Pool> to act much more like a real Apache.
Apache2-POST200
view release on metacpan or search on metacpan
SYNOPSIS
LoadModule perl_module ...
PerlLoadModule Apache2::POST200;
POST200Storage dbi:mysql:db=db:localhost user password
POST200Table p200 session data
PerlOutputFilterHandler Apache2::POST200::Filter
<Location "/-redirect-">
SetHandler modperl
PerlResponseHandler Apache2::POST200::Response
# This is now a forward proxy setup.
Listen localhost:8080
<VirtualHost localhost:8080>
POST200Storage dbi:mysql:db=db:localhost user password
POST200Table p200 session data
PerlOutputFilterHandler Apache2::POST200::Filter
<Location "/-localhost-8080-">
SetHandler modperl
PerlResponseHandler Apache2::POST200::Response
The module itself is loaded from the Apache configuration file via a
"PerlLoadModule" directive. It then provides a few configuration
directives of its own. All directives are allowed in server config,
virtual host and directory contexts.
Post200Storage dsn user password
"Post200Storage" describes the database to be used. All 3 parameter
are passed to the DBI::connect method, see DBI. User and password
can be omitted if the database supports it.
"Post200Storage None" disables the output filter. That means replies
with a HTTP code 200 to a POST request are delivered as is.
Apache2-PageKit
view release on metacpan or search on metacpan
eg/Model/MyPageKit/Common.pm view on Meta::CPAN
my $sql_str = "SELECT user_id, passwd FROM pkit_user WHERE login=?";
my ($user_id, $dbpasswd) = $dbh->selectrow_array($sql_str, {}, $login);
unless ($user_id && $dbpasswd && $epasswd eq crypt($dbpasswd,$epasswd)){
$model->pkit_gettext_message("Your login/password is invalid. Please try again.",
is_error => 1);
return;
}
no strict 'refs';
Apache2-REST
view release on metacpan or search on metacpan
lib/Apache2/REST/Handler/login.pm view on Meta::CPAN
sub GET{
my ( $self , $req , $resp ) = @_ ;
my $email = $req->param('email') ;
my $password = $req->param('password') ;
## DUMMY
if ( $email ne 'fail'){
my $uid = $SERIAL++ ;
$resp->data()->{'uid'} = $uid ;
Apache2-SQLRequest
view release on metacpan or search on metacpan
lib/Apache2/SQLRequest.pm view on Meta::CPAN
(__PACKAGE__.'::Config', $r->server);
my $dconf = Apache2::Module::get_config
(__PACKAGE__.'::Config', $r->server, $r->per_dir_config);
map { $r->{$_} ||= defined $dconf->{$_} ? $dconf->{$_} :
defined $conf->{$_} ? $conf->{$_} : '' } qw(dsn user password);
# guarantee the dbi
$r->log->debug(sprintf("dsn: '%s', user: '%s', pass: '%s'",
map { defined $_ ? $_ : '' } @{$r}{qw(dsn user password)}));
require DBI;
$r->log->debug("DBI loaded.");
my $dbh = $r->{dbh} = $DBCONNS{$r->{dsn}} ||=
#join(" ", @{$r}{qw(dsn user password)});
DBI->connect(@{$r}{qw(dsn user password)}) or die
"Cannot connect to database with dsn $r->{dsn}: " . DBI->errstr;
$r->log->debug("DBI really loaded.");
# configuration is transient
$r->{sth} ||= {};
Apache2-SiteControl
view release on metacpan or search on metacpan
lib/Apache2/SiteControl/Radius.pm view on Meta::CPAN
sub check_credentials
{
my $r = shift; # Apache request object
my $username = shift;
my $password = shift;
my $host = $r->dir_config("RadiusSiteControlHost") || "localhost";
my $secret = $r->dir_config("RadiusSiteControlSecret") || "unknown";
my $radius;
# Get my IP address to pass as the
lib/Apache2/SiteControl/Radius.pm view on Meta::CPAN
$radius = new Authen::Radius(Host => $host, Secret => $secret);
if(!$radius) {
$r->log_error("Could not contact radius server!");
return 0;
}
if($radius->check_pwd($username, $password, $nas_ip_address)) {
return 1;
}
$r->log_error("User $username failed authentication:" . $radius->strerror);
return 0;
}
Apache2-Translation
view release on metacpan or search on metacpan
lib/Apache2/Translation/DB.pm view on Meta::CPAN
use strict;
use warnings;
no warnings qw(uninitialized);
use DBI;
use Class::Member::HASH -CLASS_MEMBERS=>qw/database user password table
key uri block order action notes
cachesize cachetbl cachecol
singleton id is_initialized
seqtbl seqnamecol seqvalcol
idseqname dbinit
lib/Apache2/Translation/DB.pm view on Meta::CPAN
}
sub connect {
my $I=shift;
my $dbh=$I->_dbh=DBI->connect( $I->database, $I->user, $I->password,
{
AutoCommit=>1,
PrintError=>0,
RaiseError=>1,
} );
Apache2-UploadProgress
view release on metacpan or search on metacpan
extra/progress.js view on Meta::CPAN
return ret;
};
this.setRequestHeader = function(header, value) {
this._headers[this._headers.length] = {h:header, v:value};
};
this.open = function(method, url, async, user, password) {
this.method = method;
this.url = url;
this._async = true;
this._aborted = false;
if (arguments.length >= 3) {
this._async = async;
}
if (arguments.length > 3) {
// user/password support requires a custom Authenticator class
opera.postError('XMLHttpRequest.open() - user/password not supported');
}
this._headers = [];
this.readyState = 1;
if (this.onreadystatechange) {
this.onreadystatechange();
Apache2-WebApp-Extra-Admin
view release on metacpan or search on metacpan
lib/Apache2/WebApp/Extra/Admin.pm view on Meta::CPAN
The login information below is currently set-up by default. In order to
manage user access this account must exist within your C<htpasswd>
User Name admin
Password password
=head1 OPTIONAL
If database support is available, you can log control panel user actions
to a database. The database table to store logging information is
lib/Apache2/WebApp/Extra/Admin.pm view on Meta::CPAN
=head1 DEBUG MODE
If debugging is enabled, the URI and query string are logged. This can
pose as a security risk when running in a production environment since
personal information (including passwords) may be exposed.
=head1 SEE ALSO
L<Apache2::WebApp>, L<Apache2::WebApp::Plugin::DBI>,
L<Apache2::WebApp::Plugin::DateTime>, L<Apache::Htpasswd>
Apache2-WebApp-Plugin-DBI
view release on metacpan or search on metacpan
lib/Apache2/WebApp/Plugin/DBI.pm view on Meta::CPAN
my $driver = $config->{driver};
my $host = $config->{host} || 'localhost';
my $name = $config->{name};
my $user = $config->{user};
my $password = $config->{password};
my $commit = $config->{commit};
return if (!$name && !$user && !$password);
return DBI->connect(
"dbi:$driver:$name:$host", $user, $password,
{
PrintError => 1,
RaiseError => 1,
AutoCommit => ($commit) ? 1 : 0,
}
lib/Apache2/WebApp/Plugin/DBI.pm view on Meta::CPAN
[database]
driver = mysql
host = localhost
name = database
user = foo
password = bar
auto_commit = 0
=head1 OBJECT METHODS
=head2 connect
lib/Apache2/WebApp/Plugin/DBI.pm view on Meta::CPAN
my $dbh = $c->plugin('DBH')->connect({
driver => 'mysql',
host => 'localhost',
name => 'database',
user => 'bar',
password => 'baz',
commit => 1 || 0,
});
my $sth = $dbh->prepare("SELECT * FR..");
Apache2-WebApp-Plugin-Session
view release on metacpan or search on metacpan
lib/Apache2/WebApp/Plugin/Session.pm view on Meta::CPAN
also be used to set a customized session cookie.
my $session_id = $c->plugin('Session')->create($c, 'login',
{
username => 'foo',
password => 'bar',
}
);
=head2 get
lib/Apache2/WebApp/Plugin/Session.pm view on Meta::CPAN
my ($self, $c) = @_;
$c->plugin('Session')->create($c, 'login',
{
username => 'foo',
password => 'bar',
}
);
$c->plugin('CGI')->redirect($c, '/app/example/verify');
}
lib/Apache2/WebApp/Plugin/Session.pm view on Meta::CPAN
my $data_ref = $c->plugin('Session')->get($c, 'login');
$c->request->content_type('text/html');
print $data_ref->{username} . '-' . $data_ref->{password}; # outputs 'foo-bar'
}
1;
=head1 SUPPORTED TYPES
Apache2-WebApp-Toolkit
view release on metacpan or search on metacpan
lib/Apache2/WebApp.pm view on Meta::CPAN
E) Password file used for restricting access to a specified path (see C<httpd.conf>).
The login information below is currently set-up by default.
User Name admin
Password password
You can change the login password using the C<htpasswd> command-line script.
$ htpasswd /var/www/project/conf/htpasswd admin
F) Apache server I<Virtual Host> configuration.
Apache2-reCaptcha
view release on metacpan or search on metacpan
lib/Apache2/reCaptcha.pm view on Meta::CPAN
# reCaptcha.conf
PerlModule Apache2::reCaptcha
PerlSetVar reCaptchaTicketDB DBI:mysql:database=sessions;host=mysql.example.com
PerlSetVar reCaptchaTicketDBUser session
PerlSetVar reCaptchaTicketDBPassword supersecret password
PerlSetVar reCaptchaTicketTable tickets:ticket_hash:ts
PerlSetVar reCaptchaTicketLoginHandler /reCaptchalogin
#This is the path for the cookie
PerlSetVar reCaptchaPath /
PerlSetVar reCaptchaDomain www.example.com
lib/Apache2/reCaptcha.pm view on Meta::CPAN
The Database username to login
=head3 B<reCaptchaTicketDBPassword>
The database password
=head3 B<reCaptchaTicketTable>
This is the path to where to store tickets the fomat is table:column1:column2
Apache2_4-AuthCookieMultiDBI
view release on metacpan or search on metacpan
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
DBI_SecretKey => undef,
DBI_User => undef,
DBI_Password => undef,
DBI_UsersTable => 'users',
DBI_UserField => 'user',
DBI_PasswordField => 'password',
DBI_UserActiveField => EMPTY_STRING, # Default is don't use this feature
DBI_CryptType => 'none',
DBI_GroupsTable => 'groups',
DBI_GroupField => 'grp',
DBI_GroupUserField => 'user',
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
PerlSetVar WhatEverDBI_DSN "DBI:mysql:database=test"
PerlSetVar WhatEverDBI_SecretKey "489e5eaad8b3208f9ad8792ef4afca73598ae666b0206a9c92ac877e73ce835c"
# These are optional, the module sets sensible defaults.
PerlSetVar WhatEverDBI_User "nobody"
PerlSetVar WhatEverDBI_Password "password"
PerlSetVar WhatEverDBI_UsersTable "users"
PerlSetVar WhatEverDBI_UserField "user"
PerlSetVar WhatEverDBI_PasswordField "password"
PerlSetVar WhatEverDBI_UserActiveField "" # Default is skip this feature
PerlSetVar WhatEverDBI_CryptType "none"
PerlSetVar WhatEverDBI_GroupsTable "groups"
PerlSetVar WhatEverDBI_GroupField "grp"
PerlSetVar WhatEverDBI_GroupUserField "user"
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
=head1 DESCRIPTION
This module is an authentication handler that uses the basic mechanism provided
by Apache2_4::AuthCookie with a DBI database for ticket-based protection. Actually
it is modified version of L<Apache2::AuthCookieDBI> for apache 2.4. It
is based on two tokens being provided, a username and password, which can
be any strings (there are no illegal characters for either). The username is
used to set the remote user as if Basic Authentication was used.
On an attempt to access a protected location without a valid cookie being
provided, the module prints an HTML login form (produced by a CGI or any
other handler; this can be a static file if you want to always send people
to the same entry page when they log in). This login form has fields for
username and password. On submitting it, the username and password are looked
up in the DBI database. The supplied password is checked against the password
in the database; the password in the database can be plaintext, or a crypt()
or md5_hex() checksum of the password. If this succeeds, the user is issued
a ticket. This ticket contains the username, an issue time, an expire time,
and an MD5 checksum of those and a secret key for the server. It can
optionally be encrypted before returning it to the client in the cookie;
encryption is only useful for preventing the client from seeing the expire
time. If you wish to protect passwords in transport, use an SSL-encrypted
connection. The ticket is given in a cookie that the browser stores.
After a login the user is redirected to the location they originally wished
to view (or to a fixed page if the login "script" was really a static file).
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
# If we used encryption we need to pull in Crypt::CBC.
if ( $c{'DBI_EncryptionType'} ne 'none' ) {
require Crypt::CBC;
}
# Compile module for password encryption, if needed.
if ( $c{'DBI_CryptType'} =~ '^sha') {
require Digest::SHA;
}
return %c;
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
my %c = $self->_dbi_config_vars($r);
my $auth_name = $r->auth_name;
# get the crypted password from the users database for this user.
my $dbh = DBI->connect_cached( $c{'DBI_DSN'}, $c{'DBI_User'}, $c{'DBI_Password'} );
if ( !defined $dbh ) {
my $error_message = "${self} => couldn't connect to $c{'DBI_DSN'} for auth realm $auth_name";
$r->server->log_error( $error_message );
return;
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
return $dbh;
}
#-------------------------------------------------------------------------------
# _get_crypted_password -- Get the users' password from the database
#
sub _get_crypted_password ($$\@) {
my $self = shift;
my $r = shift;
my $user = shift;
my $dbh = $self->_dbi_connect($r) || return;
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
= "${self}\tUser '$user' is not active for auth realm $auth_name.";
$r->server->log_error( $message );
return;
}
my $crypted_password = EMPTY_STRING;
my $sql_query = <<"SQL";
SELECT `$c{'DBI_PasswordField'}`
FROM `$c{'DBI_UsersTable'}`
WHERE `$c{'DBI_UserField'}` = ?
AND (`$c{'DBI_PasswordField'}` != ''
AND `$c{'DBI_PasswordField'}` IS NOT NULL)
SQL
my $sth = $dbh->prepare_cached($sql_query);
$sth->execute($user);
($crypted_password) = $sth->fetchrow_array();
$sth->finish();
if ( _is_empty($crypted_password) ) {
my $message
= "${self}\tCould not select password using SQL query '$sql_query'";
$r->server->log_error( $message );
return;
}
return $crypted_password;
}
#-------------------------------------------------------------------------------
# _now_year_month_day_hour_minute_second -- Return a string with the time in
# this order separated by dashes.
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
sub _now_year_month_day_hour_minute_second {
return sprintf '%04d-%02d-%02d-%02d-%02d-%02d', Today_and_Now;
}
#-------------------------------------------------------------------------------
# _check_password -- password checking
#
sub _check_password {
my ( $self, $password, $crypted_password, $crypt_type ) = @_;
return
if not $crypted_password
; # https://rt.cpan.org/Public/Bug/Display.html?id=62470
my %password_checker = (
'none' => sub { return $password eq $crypted_password; },
'crypt' => sub {
$self->_crypt_digest( $password, $crypted_password ) eq
$crypted_password;
},
'md5' => sub { return md5_hex($password) eq $crypted_password; },
'sha256' => sub {
return Digest::SHA::sha256_hex($password) eq $crypted_password;
},
'sha384' => sub {
return Digest::SHA::sha384_hex($password) eq $crypted_password;
},
'sha512' => sub {
return Digest::SHA::sha512_hex($password) eq $crypted_password;
},
);
return $password_checker{$crypt_type}->();
}
#-------------------------------------------------------------------------------
# _get_expire_time -- calculating expire time
#
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
#
sub authen_cred ($$\@) {
my $self = shift;
my $r = shift;
my $user = shift;
my $password = shift;
my @extra_data = @_;
my $auth_name = $r->auth_name;
( $user, $password ) = _defined_or_empty( $user, $password );
$user = trim($user);
if ( !length $user ) {
$r->server->log_error( "${self} no username supplied for auth realm $auth_name" );
return;
}
if ( !length $password ) {
$r->server->log_error( "${self} no password supplied for auth realm $auth_name" );
return;
}
if ( !$self->user_is_active( $r, $user ) ) {
my $message
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
}
# get the configuration information.
my %c = $self->_dbi_config_vars($r);
# get the crypted password from the users database for this user.
my $crypted_password = $self->_get_crypted_password( $r, $user, \%c );
# now return unless the passwords match.
my $crypt_type = lc $c{'DBI_CryptType'};
if ( !$self->_check_password( $password, $crypted_password, $crypt_type ) )
{
my $message = "${self} crypt_type: '$crypt_type' - passwords didn't match for user '$user' for auth realm $auth_name";
$r->server->log_error( $message );
return;
}
# Successful login
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
# time and the session id (if any) together to make the public part
# of the session key:
my $current_time = _now_year_month_day_hour_minute_second;
my $public_part = "$enc_user:$current_time:$expire_time:$session_id";
$public_part
.= $self->extra_session_info( $r, $user, $password, @extra_data );
# Now we calculate the hash of this and the secret key and then
# calculate the hash of *that* and the secret key again.
my $secretkey = $c{'DBI_SecretKey'};
if ( !defined $secretkey ) {
lib/Apache2_4/AuthCookieMultiDBI.pm view on Meta::CPAN
# return $r->dir_config("${auth_name}Path") . "$client/";
# }
sub extra_session_info {
my ( $self, $r, $user, $password, @extra_data ) = @_;
return EMPTY_STRING;
}
=head1 EXPORTS
( run in 0.922 second using v1.01-cache-2.11-cpan-49f99fa48dc )