Result:
found more than 636 distributions - search limited to the first 2001 files matching your query
( run in 1.195 )
Amazon-EC2
view release on metacpan or search on metacpan
lib/Amazon/EC2.pm view on Meta::CPAN
use Amazon::EC2;
use Amazon::Credentials;
use Data::Dumper;
my $ec2 = new Amazon::EC2({credentials => new Amazon::Credentials});
my $result = $ec2->DescribeInstances();
print Dumper($result);
lib/Amazon/EC2.pm view on Meta::CPAN
=item region
AWS region. default: us-east-1
=item credentials
An C<Amazon::Credentials> object. You can specify your credentials
using this object or by setting your access keys and optional token
directly.
=item aws_secret_access_key
lib/Amazon/EC2.pm view on Meta::CPAN
Your AWS access key id.
=item token
Optional token if your credentials were temporary (from the role or assumed role).
=back
I<Note that if no credentials are given, the constructor will behave as if you had done:>
new Amazon::EC2({credentials => new Amazon::Credentials});
I<...which will use your default credentials. See C<Amazon::Credentials>.>
=cut
my @API_METHODS = qw/AcceptReservedInstancesExchangeQuote
AcceptVpcEndpointConnections
Amazon-MWS
view release on metacpan or search on metacpan
lib/Amazon/MWS/Uploader.pm view on Meta::CPAN
=head1 DESCRIPTION
This module provide an high level interface to the upload process. It
has to keep track of the state to resume the uploading, which could
get stuck on the Amazon's side processing, so database credentials
have to be provided (or the database handle itself).
The table structure needed is defined and commented in sql/amazon.sql
=head1 SYNOPSIS
Amazon-S3-Thin
view release on metacpan or search on metacpan
lib/Amazon/S3/Thin.pm view on Meta::CPAN
my $self = shift;
# If we have an explicitly-configured credential provider then use that here, otherwise
# existing behaviour will be followed
if ($self->{credential_provider} and $self->{credential_provider} eq 'env') {
$self->{credentials} = Amazon::S3::Thin::Credentials->from_env;
}
elsif ($self->{credential_provider} and $self->{credential_provider} eq 'metadata') {
$self->{credentials} = Amazon::S3::Thin::Credentials->from_metadata($self);
}
elsif ($self->{credential_provider} and $self->{credential_provider} eq 'ecs_container') {
$self->{credentials} = Amazon::S3::Thin::Credentials->from_ecs_container($self);
}
else {
# check existence of credentials
croak "No aws_access_key_id" unless $self->{aws_access_key_id};
croak "No aws_secret_access_key" unless $self->{aws_secret_access_key};
# wrap credentials
$self->{credentials} = Amazon::S3::Thin::Credentials->new(
$self->{aws_access_key_id},
$self->{aws_secret_access_key},
$self->{aws_session_token},
);
delete $self->{aws_access_key_id};
lib/Amazon/S3/Thin.pm view on Meta::CPAN
my $version = shift;
my $signer_class = "Amazon::S3::Thin::Signer::V$version";
eval "require $signer_class" or die $@;
if ($version == 2) {
return $signer_class->new($self->{credentials}, $MAIN_HOST);
} elsif ($version == 4) {
return $signer_class->new($self->{credentials}, $self->{region});
}
}
sub _default_ua {
lib/Amazon/S3/Thin.pm view on Meta::CPAN
=head1 SYNOPSIS
use Amazon::S3::Thin;
# Pass in explicit credentials
my $s3client = Amazon::S3::Thin->new({
aws_access_key_id => $aws_access_key_id,
aws_secret_access_key => $aws_secret_access_key,
aws_session_token => $aws_session_token, # optional
region => $region, # e.g. 'ap-northeast-1'
});
# Get credentials from environment
my $s3client = Amazon::S3::Thin->new({region => $region, credential_provider => 'env'});
# Get credentials from instance metadata
my $s3client = Amazon::S3::Thin->new({
region => $region,
credential_provider => 'metadata',
version => 2, # optional (default 2)
role => 'my-role', # optional
});
# Get credentials from ECS task role
my $s3client = Amazon::S3::Thin->new({
region => $region,
credential_provider => 'ecs_container',
});
lib/Amazon/S3/Thin.pm view on Meta::CPAN
It can receive the following arguments:
=over 4
=item * C<credential_provider> (B<default: credentials>) - specify where to source credentials from. Options are:
=over 2
=item * C<credentials> - existing behaviour, pass in credentials via C<aws_access_key_id> and C<aws_secret_access_key>
=item * C<env> - fetch credentials from environment variables
=item * C<metadata> - fetch credentials from EC2 instance metadata service
=item * C<ecs_container> - fetch credentials from ECS task role
=back
=item * C<region> - (B<REQUIRED>) region of your buckets you access- (currently used only when signature version is 4)
=item * C<aws_access_key_id> (B<REQUIRED [provider: credentials]>) - an access key id
of your credentials.
=item * C<aws_secret_access_key> (B<REQUIRED [provider: credentials]>) - an secret access key
of your credentials.
=item * C<version> (B<OPTIONAL [provider: metadata]>) - version of metadata service to use, either 1 or 2.
L<read more|https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html>
=item * C<role> (B<OPTIONAL [provider: metadata]>) - IAM instance role to use, otherwise the first is selected
Amazon-S3
view release on metacpan or search on metacpan
S3TestUtils.pm view on Meta::CPAN
if ( $ENV{AMAZON_S3_CREDENTIALS} ) {
require Amazon::Credentials;
return Amazon::S3->new(
{ credentials => Amazon::Credentials->new,
host => $host,
secure => is_aws(),
dns_bucket_names => $ENV{AMAZON_S3_DNS_BUCKET_NAMES},
level => $ENV{DEBUG} ? 'trace' : 'error',
}
Amazon-SES
view release on metacpan or search on metacpan
lib/Amazon/SES.pm view on Meta::CPAN
my $request = POST("https://email." . $self->region . ".amazonaws.com", $args);
if ($self->{use_iam_role}) {
my $creds = VM::EC2::Security::CredentialCache->get();
defined($creds) || die("Unable to retrieve IAM role credentials");
$self->{access_key} = $creds->accessKeyId;
$self->{secret_key} = $creds->secretAccessKey;
$request->header('x-amz-security-token' => $creds->sessionToken);
}
lib/Amazon/SES.pm view on Meta::CPAN
Implements Amazon Web Services' Simple Email Service (SES). Sess L<http://docs.aws.amazon.com/ses/latest/DeveloperGuide/Welcome.html> for details and to sign-up for the service. Forked from Net::AWS::SES, changed to use Moops and updated to support ...
=head1 GETTING STARTED
After you sign-up for AWS SES service you need to create an C<IAM> credentials and create an C<access_key> and a C<secret_key>, which you will be needing to interface with the SES. Do not forget to grant permission to your C<IAM> to use SES. Read L<h...
=head1 METHODS
I attempted to make the method names as Perlish as possible, as opposed to direct copy/paste from the API reference. This way I felt you didn't have to be familiar with the full API reference in order to use the basic features of the service.
Amazon-SQS-Client
view release on metacpan or search on metacpan
bin/QueueDaemon.pl view on Meta::CPAN
my $config = load_config($options);
${$handler} = load_handler(
options => $options,
logger => ${$handler}->get_logger,
credentials => ${$handler}->get_credentials,
config => $config,
);
init_logger($options); # just reset loglevel (potentially)
bin/QueueDaemon.pl view on Meta::CPAN
########################################################################
sub load_handler {
########################################################################
my %args = @_;
my ( $config, $options, $logger, $credentials ) = @args{qw(config options logger credentials)};
if ( Class::Inspector->loaded( $options->{handler} ) ) {
Class::Unload->unload( $options->{handler} );
}
bin/QueueDaemon.pl view on Meta::CPAN
url => $options->{'queue-url'},
message_type => $options->{'message-type'},
create_queue => $options->{'create-queue'},
wait_time => $options->{'wait-time'},
visibility_timeout => $options->{'visibility-timeout'},
credentials => $credentials,
);
die "not an Amazon::SQS::QueueHandler\n"
if !$handler->isa('Amazon::SQS::QueueHandler');
Amazon-SQS-Simple
view release on metacpan or search on metacpan
lib/Amazon/SQS/Simple.pm view on Meta::CPAN
=item new($access_key, $secret_key, [%opts])
Constructs a new Amazon::SQS::Simple object
C<$access_key> is your Amazon Web Services access key. C<$secret_key> is your Amazon Web
Services secret key. If you don't have either of these credentials, visit
L<http://aws.amazon.com/>.
Options for new:
=over 4
Amon2
view release on metacpan or search on metacpan
share/flavor/Large/t/07_mech_links.t view on Meta::CPAN
for my $psgi (glob('script/*-server')) {
subtest $psgi => sub {
my $app = Plack::Util::load_psgi($psgi);
my $mech = Test::WWW::Mechanize::PSGI->new( app => $app );
$mech->credentials( 'admin', 'admin' );
$mech->get_ok('/');
my @links = _extract_links($mech);
for (@links) {
$mech->get('/');
AnyEvent-FTP
view release on metacpan or search on metacpan
lib/AnyEvent/FTP/Client.pm view on Meta::CPAN
The URI of the remote FTP server. C<$uri> must be either an instance of L<URI> with the C<ftp>
scheme, or a string with an FTP URL.
If you use this method to connect to the FTP server, connect will also attempt to login with
the username and password specified in the URL (or anonymous FTP if no credentials are
specified).
If there is a path included in the URL, then connect will also do a C<CWD> so that you start
in that directory.
AnyEvent-InfluxDB
view release on metacpan or search on metacpan
lib/AnyEvent/InfluxDB.pm view on Meta::CPAN
=head2 new
my $db = AnyEvent::InfluxDB->new(
server => 'http://localhost:8086',
# authenticate using Basic credentials
username => 'admin',
password => 'password',
# or use JWT token
jwt => 'JWT_TOKEN_BLOB'
AnyEvent-Mattermost
view release on metacpan or search on metacpan
lib/AnyEvent/Mattermost.pm view on Meta::CPAN
=head2 start
$mconn->start();
Opens the connection to the Mattermost server, authenticates the previously
provided account credentials and performs an initial data request for user,
team, and channel information.
Any errors encountered will croak() and the connection will be aborted.
=cut
AnyEvent-Porttracker
view release on metacpan or search on metacpan
Porttracker/protocol.pod view on Meta::CPAN
< ["someid",0,"you need to authenticate first"]
Most requests are only valid once logged-in.
> [100, "login", "username", "password"]
< [100,1]
The client sent a login request with credentials,
and the server accepted them.
> ["someid", "realm_poll", 5100005442]
Starts a poll, which takes a long time.
Porttracker/protocol.pod view on Meta::CPAN
exist yet.
> [1, "realm_seed_list_modify", "5100005442", ["10.0.0.5"], ["10.0.0.5"]]
< [1,1]
=item "realm_snmp_credential_list" - list snmp credentials
This request returns the snmp credentials for the given realm.
> [<id>, "realm_snmp_credential_list", <realm-gid>]
< [<id>, 1, [ [<subnet>, <bits>, [ 2, [<community>...], [3, <v3 settings>] ], <flags>]... ]]
The reply contains an array with all configured snmp credentials, one per
subnet. Each snmp credential will contain the subnet address in textual
form, the leading number of significant bits in the subnet (0..32 for
IPv4, 0..128 for IPv6), an array per snmp v2 and v3 settings and a flags bitset
(bit value C<1> means it is an include, otherwise it is an exclude).
v2 array starts with bit value C<2> means it is version v2 and followed by an array
Porttracker/protocol.pod view on Meta::CPAN
Example:
> [1, "realm_snmp_credential_list", "5100005442"]
< [1,1,[ ["10.1.0.0",16,[[2,["test"]], [3,"authPrivUser","authpass","privpass", null, "md5","aes"]],1] ]]
=item "realm_snmp_credential_list_modify" - modify snmp credentials
Removes and/or adds snmp credential entries.
> [<id>, "realm_snmp_credential_list_modify", <realm-gid>, [<remove-subnet>], [<add-subnet>...]]
< [<id>, 1]
The two arrays after the realm-gid specify a list of subnet addresses to
remove (only exact matches wil be removed) and a list of subnet-entries to
be added afterwards. Each entry in the <add-subnet> list follows the same
format as returned by C<realm_snmp_credentials>.
Example:
> [1, "realm_snmp_credential_list_modify", "5100005442", [ ["10.0.0.0", 8], ["11.1.1.0", 24] ],
[ ["192.168.240.0", 24, [[2, ["w0rld", "peace"]], [3, "noAuthUser"]], 1] ]]
< [1, 1]
AnyEvent-Twitter
view release on metacpan or search on metacpan
lib/AnyEvent/Twitter.pm view on Meta::CPAN
my $cv = AE::cv;
# GET request
$cv->begin;
$ua->get('account/verify_credentials', sub {
my ($header, $response, $reason) = @_;
say $response->{screen_name};
$cv->end;
});
# GET request with parameters
$cv->begin;
$ua->get('account/verify_credentials', {
include_entities => 1
}, sub {
my ($header, $response, $reason) = @_;
say $response->{screen_name};
lib/AnyEvent/Twitter.pm view on Meta::CPAN
# verbose and old style
$cv->begin;
$ua->request(
method => 'GET',
api => 'account/verify_credentials',
sub {
my ($hdr, $res, $reason) = @_;
if ($res) {
print "ratelimit-remaining : ", $hdr->{'x-ratelimit-remaining'}, "\n",
AnyEvent-XMPP
view release on metacpan or search on metacpan
are in multiple account's roster.
- AnyEvent::XMPP missing functionality to be RFC 3920 conform:
- improve error handling for SASL to
support retries as specified in RFC 3920.
(eg. by supporting a method sasl_retry() which takes
the changed credentials)
x SRV record lookup
- weight handling!
- AnyEvent::XMPP::IM missing functionality to be RFC 3921 conform:
- 7.2. Business Rules
- Implement XEP-0115: Entity Capabilities
Apache-AppSamurai
view release on metacpan or search on metacpan
examples/htdocs/login.pl view on Meta::CPAN
# any ASERRCODE code.
$params{URI} = $r->prev->uri || '';
my $args = $r->prev->args || '';
if (($args) && ($args =~ s/&?ASERRCODE\=(bad_credentials|no_cookie|bad_cookie|expired_cookie)//)) {
$params{REASON} = $1;
}
if ($args) {
$params{URI} .= '?' . $args;
examples/htdocs/login.pl view on Meta::CPAN
# message, then just set a variable.)
# Default message
$params{MESSAGE} = "<span class=\"infonormal\">Please log in</span>";
if ($params{REASON} eq 'bad_credentials') {
# Login failure
$params{MESSAGE} = "<span class=\"infored\">Access Denied - The credentials supplied were invalid. Please try again.</span>";
} elsif ($params{REASON} eq 'expired_cookie') {
# Expired session
$params{MESSAGE} = "<span class=\"infored\">Access Denied - Your session has expired. Please log in.</span>";
}
Apache-AuthCAS
view release on metacpan or search on metacpan
lib/Apache/AuthCAS.pm view on Meta::CPAN
DBI
DBD::<module name> (i.e. DBD::Pg)
=head2 Proxiable Credentials
This module can be optionally configured to use proxy credentials. This is
enabled by setting the I<CASService> and I<CASProxyService> configuration
parameters.
=head2 Examples
Example configuration without proxiable credentials, which assumes that the
module itself has been configured with devel and production variables set:
AuthType Apache::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache::AuthCAS->authenticate
PerlSetVar CASProduction "1"
require valid-user
Example configuration without proxiable credentials, which has not been
modified:
AuthType Apache::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache::AuthCAS->authenticate
lib/Apache/AuthCAS.pm view on Meta::CPAN
PerlSetVar CASLogLevel "0"
PerlSetVar CASRemoveTicket "false"
require valid-user
Example configuration with proxiable credentials, which assumes that the module
itself has been configured with devel and production variables set:
AuthType Apache::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache::AuthCAS->authenticate
PerlSetVar CASProduction "1"
PerlSetVar CASService "https://somedomain.com/email/"
PerlSetVar CASProxyService "mail.somedomain.com"
require valid-user
Example configuration with proxiable credentials, which has not been modified:
AuthType Apache::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache::AuthCAS->authenticate
PerlSetVar CASService "https://somedomain.com/email/"
Apache-AuthCookie
view release on metacpan or search on metacpan
lib/Apache/AuthCookie.pm view on Meta::CPAN
return $auth_type->login_form($r);
}
}
}
# Get the credentials from the data posted by the client
my @credentials;
for (my $i = 0 ; defined $params->param("credential_$i") ; $i++) {
my $key = "credential_$i";
my $val = $params->param("credential_$i");
$r->log_error("$key $val") if $debug >= 2;
push @credentials, $val;
}
# save creds in pnotes in case login form script wants to use them.
$r->pnotes("${auth_name}Creds", \@credentials);
# Exchange the credentials for a session key.
my $ses_key = $self->authen_cred($r, @credentials);
unless ($ses_key) {
$r->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
$r->uri($self->untaint_destination($destination));
return $auth_type->login_form;
}
if ($debug >= 2) {
lib/Apache/AuthCookie.pm view on Meta::CPAN
=head1 DESCRIPTION
B<Apache::AuthCookie> allows you to intercept a user's first
unauthenticated access to a protected document. The user will be
presented with a custom form where they can enter authentication
credentials. The credentials are posted to the server where AuthCookie
verifies them and returns a session key.
The session key is returned to the user's browser as a cookie. As a
cookie, the browser will pass the session key on every subsequent
accesses. AuthCookie will verify the session key and re-authenticate
lib/Apache/AuthCookie.pm view on Meta::CPAN
=over 4
=item C<authen_cred()>
Verify the user-supplied credentials and return a session key. The
session key can be any string - often you'll use some string
containing username, timeout info, and any other information you need
to determine access to documents, and append a one-way hash of those
values together with some secret key.
lib/Apache/AuthCookie.pm view on Meta::CPAN
=over 4
=item 1.
The client doesn't *have* to pass the user credentials on every
subsequent access. If you're using passwords, this means that the
password can be sent on the first request only, and subsequent
requests don't need to send this (potentially sensitive) information.
This is known as "ticket-based" authentication.
=item 2.
When you determine that the client should stop using the
credentials/session key, the server can tell the client to delete the
cookie. Letting users "log out" is a notoriously impossible-to-solve
problem of AuthBasic.
=item 3.
lib/Apache/AuthCookie.pm view on Meta::CPAN
=back
This is the flow of the authentication handler, less the details of the
redirects. Two REDIRECT's are used to keep the client from displaying
the user's credentials in the Location field. They don't really change
AuthCookie's model, but they do add another round-trip request to the
client.
(-----------------------) +---------------------------------+
( Request a protected ) | AuthCookie sets custom error |
lib/Apache/AuthCookie.pm view on Meta::CPAN
( session key cookie) ) | current request and creates sub |
(-----------------------) | request for the error document. |<-+
| Error document is a script that | |
| generates a form where the user | |
return | enters authentication | |
^------------------->| credentials (login & password). | |
/ \ False +---------------------------------+ |
/ \ | |
/ \ | |
/ \ V |
/ \ +---------------------------------+ |
/ Pass \ | User's client submits this form | |
/ user's \ | to the LOGIN URL, which calls | |
| credentials |<------------| AuthCookie->login(). | |
\ to / +---------------------------------+ |
\authen_cred/ |
\ function/ |
\ / |
\ / |
lib/Apache/AuthCookie.pm view on Meta::CPAN
create must be able to determine if this session_key is valid and
map it back to the originally authenticated user ID.
=head1 METHODS
=head2 authen_cred($r, @credentials)
You must define this method yourself in your subclass of
C<Apache::AuthCookie>. Its job is to create the session key that will
be preserved in the user's cookie. The arguments passed to it are:
lib/Apache/AuthCookie.pm view on Meta::CPAN
/three AND here
The authen_ses_key method would return a normal response when the user attempts
to access 'one' or 'three' but return (NOT_FOUND, 'File not found') if an
attempt was made to access subdirectory 'two'. Or, in the case of expired
credentials, (AUTH_REQUIRED,'Your session has timed out, you must login
again').
example 'custom_errors'
sub custom_errors {
lib/Apache/AuthCookie.pm view on Meta::CPAN
This method handles the submission of the login form. It will call
the C<authen_cred()> method, passing it C<$r> and all the submitted
data with names like C<"credential_#">, where # is a number. These will
be passed in a simple array, so the prototype is
C<$self-E<gt>authen_cred($r, @credentials)>. After calling
C<authen_cred()>, we set the user's cookie and redirect to the
URL contained in the C<"destination"> submitted form field.
=head2 untaint_destination($uri)
lib/Apache/AuthCookie.pm view on Meta::CPAN
=back
In addition, you might want your login page to be able to tell why
the user is being asked to log in. In other words, if the user sent
bad credentials, then it might be useful to display an error message
saying that the given username or password are invalid. Also, it
might be useful to determine the difference between a user that sent
an invalid auth cookie, and a user that sent no auth cookie at all. To
cope with these situations, B<AuthCookie> will set
C<$r-E<gt>subprocess_env('AuthCookieReason')> to one of the following values.
lib/Apache/AuthCookie.pm view on Meta::CPAN
=item I<bad_cookie>
The cookie the user presented is invalid. Typically this means that the user
is not allowed access to the given page.
=item I<bad_credentials>
The user tried to log in, but the credentials that were passed are invalid.
=back
You can examine this value in your login form by examining
C<$r-E<gt>prev-E<gt>subprocess_env('AuthCookieReason')> (because it's
Apache-AuthCookieDBI
view release on metacpan or search on metacpan
AuthCookieDBI.pm view on Meta::CPAN
=back
=cut
sub extra_session_info {
my ( $self, $r, @credentials ) = @_;
return;
}
#-------------------------------------------------------------------------------
# Take the credentials for a user and check that they match; if so, return
# a new session key for this user that can be stored in the cookie.
# If there is a problem, return a bogus session key.
sub authen_cred {
my ( $self, $r, @credentials ) = @_;
my ( $user, $password, @extra_credentials ) = @credentials;
my $auth_name = $r->auth_name;
( $user, $password ) = _defined_or_empty( $user, $password );
if ( !length $user ) {
$r->log_reason(
AuthCookieDBI.pm view on Meta::CPAN
# OK, now we stick the username and the current time and the expire
# time together to make the public part of the session key:
my $current_time = _now_year_month_day_hour_minute_second;
my $public_part = "$enc_user:$current_time:$expire_time";
$public_part .= $self->extra_session_info( $r, @credentials );
# Now we calculate the hash of this and the secret key and then
# calculate the hash of *that* and the secret key again.
my $secret_key = $SECRET_KEYS{$auth_name};
unless ( defined $secret_key ) {
Apache-AuthCookieDBIRadius
view release on metacpan or search on metacpan
AuthCookie.pm view on Meta::CPAN
unless (exists $args{'destination'}) {
$r->log_error("No key 'destination' found in posted data");
return SERVER_ERROR;
}
# Get the credentials from the data posted by the client
my @credentials;
while (exists $args{"credential_" . ($#credentials + 1)}) {
$r->log_error("credential_" . ($#credentials + 1) . " " .
$args{"credential_" . ($#credentials + 1)}) if ($debug >= 2);
push(@credentials, $args{"credential_" . ($#credentials + 1)});
}
# Exchange the credentials for a session key.
my $ses_key = $self->authen_cred($r, @credentials);
$r->log_error("ses_key " . $ses_key) if ($debug >= 2);
$self->send_cookie($ses_key);
if ($r->method eq 'POST') {
AuthCookie.pm view on Meta::CPAN
=head1 DESCRIPTION
B<Apache::AuthCookie> allows you to intercept a user's first
unauthenticated access to a protected document. The user will be
presented with a custom form where they can enter authentication
credentials. The credentials are posted to the server where AuthCookie
verifies them and returns a session key.
The session key is returned to the user's browser as a cookie. As a
cookie, the browser will pass the session key on every subsequent
accesses. AuthCookie will verify the session key and re-authenticate
AuthCookie.pm view on Meta::CPAN
=over 4
=item C<authen_cred()>
Verify the user-supplied credentials and return a session key. The
session key can be any string - often you'll use some string
containing username, timeout info, and any other information you need
to determine access to documents, and append a one-way hash of those
values together with some secret key.
AuthCookie.pm view on Meta::CPAN
=over 4
=item 1.
The client doesn't *have* to pass the user credentials on every
subsequent access. If you're using passwords, this means that the
password can be sent on the first request only, and subsequent
requests don't need to send this (potentially sensitive) information.
This is known as "ticket-based" authentication.
=item 2.
When you determine that the client should stop using the
credentials/session key, the server can tell the client to delete the
cookie. Letting users "log out" is a notoriously impossible-to-solve
problem of AuthBasic.
=item 3.
AuthCookie.pm view on Meta::CPAN
=back
This is the flow of the authentication handler, less the details of the
redirects. Two REDIRECT's are used to keep the client from displaying
the user's credentials in the Location field. They don't really change
AuthCookie's model, but they do add another round-trip request to the
client.
=for html
<PRE>
AuthCookie.pm view on Meta::CPAN
( session key cookie) ) | current request and creates sub |
(-----------------------) | request for the error document. |<-+
| Error document is a script that | |
| generates a form where the user | |
return | enters authentication | |
^------------------->| credentials (login & password). | |
/ \ False +---------------------------------+ |
/ \ | |
/ \ | |
/ \ V |
/ \ +---------------------------------+ |
/ Pass \ | User's client submits this form | |
/ user's \ | to the LOGIN URL, which calls | |
| credentials |<------------| AuthCookie->login(). | |
\ to / +---------------------------------+ |
\authen_cred/ |
\ function/ |
\ / |
\ / |
AuthCookie.pm view on Meta::CPAN
This method handles the submission of the login form. It will call
the C<authen_cred()> method, passing it C<$r> and all the submitted
data with names like C<"credential_#">, where # is a number. These will
be passed in a simple array, so the prototype is
C<$self-E<gt>authen_cred($r, @credentials)>. After calling
C<authen_cred()>, we set the user's cookie and redirect to the
URL contained in the C<"destination"> submitted form field.
=item * login_form()
Apache-AuthCookieLDAP
view release on metacpan or search on metacpan
AuthCookieLDAP.pm view on Meta::CPAN
#===============================================================================
# P U B L I C F U N C T I O N S
#===============================================================================
#-------------------------------------------------------------------------------
# Take the credentials for a user and check that they match; if so, return
# a new session key for this user that can be stored in the cookie.
# If there is a problem, return a bogus session key.
sub authen_cred($$\@)
{
my( $self, $r, @credentials ) = @_;
my $auth_name = $r->auth_name;
# Username goes in credential_0
my $user = $credentials[ 0 ];
unless ( $user =~ /^.+$/ ) {
$r->log_reason( "Apache::AuthCookieLDAP: no username supplied for auth realm $auth_name", $r->uri );
return 'bad';
}
# Password goes in credential_1
my $password = $credentials[ 1 ];
unless ( $password =~ /^.+$/ ) {
$r->log_reason( "Apache::AuthCookieLDAP: no password supplied for auth realm $auth_name", $r->uri );
return 'bad';
}
Apache-AuthCookieNTLM
view release on metacpan or search on metacpan
lib/Apache/AuthCookieNTLM.pm view on Meta::CPAN
=head1 DESCRIPTION
As explained in the Apache::AuthenNTLM module, depending on the user's
config, IE will supply your Windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user typing in
their windows login and password.
Apache::AuthCookieNTLM is an interface to Shannon Peevey's
Apache::AuthenNTLM module. This modules authenticates a user
Apache-AuthCookiePAM
view release on metacpan or search on metacpan
AuthCookiePAM.pm view on Meta::CPAN
#===============================================================================
# P U B L I C F U N C T I O N S
#===============================================================================
#-------------------------------------------------------------------------------
# Take the credentials for a user and check that they match; if so, return
# a new session key for this user that can be stored in the cookie.
# If there is a problem, return a bogus session key.
sub authen_cred($$\@)
{
my( $self, $r, @credentials ) ;
( $self, $r, @credentials ) = @_;
my $auth_name; $auth_name = $r->auth_name;
my %c ; %c = _config_vars $r;
# Username goes in credential_0
my $user; $user = $credentials[ 0 ];
$user=~ tr/A-Z/a-z/;
unless ( $user =~ /^.+$/ ) {
$r->log_reason( "Apache::AuthCookiePAM: no username supplied for auth realm $auth_name", $r->uri );
$r->subprocess_env('AuthenReason', 'No username provided. Try again.');
return undef;
}
# Password goes in credential_1
my $password; $password = $credentials[ 1 ];
unless ( $password =~ /^.+$/ ) {
$r->log_reason( "Apache::AuthCookiePAM: no password supplied for auth realm $auth_name", $r->uri );
$r->subprocess_env('AuthenReason', 'No password provided. Try again.');
return undef;
}
AuthCookiePAM.pm view on Meta::CPAN
$r->subprocess_env('AuthenReason', 'no_cookie');
return $auth_type->login_form;
}
$r->subprocess_env('AuthenReason', 'Password Change requested/required');
# Get the credentials from the data posted by the client
my @credentials;
#user in credential_0
my $user; $user = $args{"credential_0"};
$user=~ tr/A-Z/a-z/;
unless ( $user =~ /^.+$/ ) {
$r->log_reason( "Apache::AuthCookiePAM: no username supplied for auth realm $auth_name", $r->uri );
Apache-AuthCookieURL
view release on metacpan or search on metacpan
AuthCookieURL.pm view on Meta::CPAN
sub authen_cred ($$\@) {
my $self = shift;
my $r = shift;
my @creds = @_;
# Normall this would convert credentials into a session key
# A really silly session key.
return time . $$ . int rand $$;
AuthCookieURL.pm view on Meta::CPAN
} else {
$r->log_error("'destination' in posted data = '$destination'") if $debug >= 1;
}
# Get the credentials from the data posted by the client, if any.
my @credentials;
while (exists $args{"credential_" . ($#credentials + 1)}) {
$r->log_error("credential_" . ($#credentials + 1) . "= '" .
$args{"credential_" . ($#credentials + 1)} . "'") if $debug >= 2;
push(@credentials, $args{"credential_" . ($#credentials + 1)});
}
# convert post to get
AuthCookieURL.pm view on Meta::CPAN
}
$r->no_cache(1) unless $r->dir_config( $auth_name . 'Cache' );
# Exchange the credentials for a session key.
my ($ses_key, $error_message ) = $self->authen_cred($r, @credentials);
# Would be nice if could somehow go back to original request yet pass info
# from authen_cred about a failed authentication
# two ideas: 1) return a session key that authen_ses_key can identify as invalid
# 2) return a message and place that in a cookie
AuthCookieURL.pm view on Meta::CPAN
Please see perldoc Apache::AuthCookie for complete instructions. As this is intended to be
a drop-in replacement for Apache::AuthCookie you may wish to install and test with Ken's
Apache::AuthCookie before trying AuthCookieURL.
Basically, this module allows you to catch any unauthenticated access and redirect to a
login script that you define. The login script posts credentials (e.g. username and password)
and your module can then validate and provide a session key. The session key is sent in a cookie,
and also in a munged URL and a redirect is issued and the process starts all over.
Typically, you will write your own module that will override methods in Apache::AuthCookieURL.
These methods are described completely in Ken's Apache::AuthCookie. Your methods will be used
AuthCookieURL.pm view on Meta::CPAN
=over 4
=item * authen_cred()
This method verifies the credentials (e.g. username/password) and returns a session key. If the credentials are
not acceptable then you can return a list, with the second element being an error message
that is placed in a cookie. This allows your login script to display a failure reason. This
method is needed since a redirect is done before your login script is executed again. Of course,
this requires that the client has cookies enabled.
AuthCookieURL.pm view on Meta::CPAN
required (no valid session key was sent by cookie or URL). This login script can be a
CGI script, Apache::Registry script, or a mod_perl handler.
If set to `NONE' then AuthCookieURL will be in simple session management mode.
AuthCookieURL-E<gt>login will be called which calls authen_cred() to generate a session key.
authen_cred() should just return a session key without checking the credentials.
If you do not override AuthCookieURL::authen_cred(), then AuthCookieURL::authen_cred()
simply returns this for a session key.
return time . $$ . int rand $$;
Apache-AuthDigest
view release on metacpan or search on metacpan
return AUTH_REQUIRED;
=item compare_digest_response()
this method represents a shortcut for comparing a client Digest
request with whatever credentials are stored on the server. the
first argument is the hash reference returned by
get_digest_auth_response(). the second argument is a MD5 digest
of the user credentials. the credentials should be in the form
user:realm:password
before they are hashed. the following Perl one-liner will generate
a suitable digest:
my ($status, $response) = $r->get_digest_auth_response;
return $status unless $status == OK;
my $digest = my_get_user_credentials_routine($r->user, $r->auth_name);
return OK if $r->compare_digest_response($response, $digest);
$r->note_digest_auth_failure;
return AUTH_REQUIRED;
Apache-AuthPOP3
view release on metacpan or search on metacpan
lib/Apache/AuthPOP3.pm view on Meta::CPAN
$r->push_handlers(PerlAuthzHandler => \&authorize);
# check if MailHost config variable is present
return MP2 ? Apache2::Const::DECLINED() : Apache::Constants::DECLINED() unless (my $mailhost = $r->dir_config('MailHost'));
# get user's authentication credentials
my ($res, $passwd_sent) = $r->get_basic_auth_pw;
return $res if (MP2 and $res != Apache2::Const::OK() or !MP2 and $res != Apache::Constants::OK());
my $user_sent = $r->user;
my $reason = authenticate($mailhost, $user_sent, $passwd_sent);
Apache-AuthTicket
view release on metacpan or search on metacpan
lib/Apache/AuthTicket/Base.pm view on Meta::CPAN
$CONFIG{$auth_name}{$_} = $conf->{$_};
}
});
}
# check credentials and return a session key if valid
# return undef if invalid
sub authen_cred {
my ($class, $r, $user, $pass) = @_;
my $self = $class->new($r);
if ($self->check_credentials($user, $pass)) {
return $self->make_ticket($user);
}
else {
return undef;
}
lib/Apache/AuthTicket/Base.pm view on Meta::CPAN
or die "DBI Connect failure: ", DBI->errstr, "\n";
return $dbh;
}
sub check_credentials {
my ($self, $user, $password) = @_;
my ($table, $user_field, $pass_field) = $self->user_table;
my ($stmt, @bind) =
lib/Apache/AuthTicket/Base.pm view on Meta::CPAN
my $dbh = $self->dbi_connect
Returns a new connection to the database
=head2 check_credentials
my $ok = $self->check_credentials($username, $password)
Return C<true> if the credentials are valid
=head2 fetch_secret
my ($value, $version) = $self->fetch_secret;
my ($value) = $self->fetch_secret($version)
Apache-AuthenMT
view release on metacpan or search on metacpan
AuthenMT.pm view on Meta::CPAN
sub handler {
my $r = shift;
my $MT_DIR = $r->dir_config("MT_DIR");
my $reason;
# get user's authentication credentials
my($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
# start up Movable Type
Apache-AuthenN2
view release on metacpan or search on metacpan
AuthenN2.pm view on Meta::CPAN
Apache::AuthenN2 - Authenticate into the NT and NIS+ domains
=head1 SYNOPSIS
Allow windows and unix users to use their familiar credentials to
gain authenticated access to restricted applications and files
offered via apache.
#httpd.conf
<Files *challenge*>
AuthenN2.pm view on Meta::CPAN
boost average apparent performance because the nt population is much
larger than the unix population at the author's company. If your
population has an opposite demographic, feel free to reverse the
order of checking.
Note that this scheme is quite permissive. Valid nt credentials
against any of the controllers or domains, or valid nis+ credentials
will allow access. This multiplies exposure to poorly selected
passwords.
<Files *challenge*> is just a way of specifying which files should be
protected by this authenticator. In this example, a script named
AuthenN2.pm view on Meta::CPAN
read on if you care about nt/nis+ server load, network performance,
or response time (as the user perceives it).
_Every_ time a protected file is requested, this handler is invoked.
Depending on your configuration (how many controllers and default
domains you specify), and where the matching credentials are, it can
take a while. This adds to your network and server load, as well as
bothering some users with the wait. It makes sense to cache valid
credentials in memory so as to avoid invoking this expensive module
every time. Luckily, Jason Bodnar already created AuthenCache.
Although written with AuthenDBI in mind, it works beautifully in this
case as well. It is _highly_ recommended. After installing it, you
need a few more lines in httpd.conf; to expand on the above example:
Apache-AuthenNTLM
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
=head1 DESCRIPTION
The purpose of this module is to perform a user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is built from the user's password
AuthenNTLM.pm view on Meta::CPAN
In case you do not authenticate against a windows machine, you simply need
to set $self -> {nonce} to a 8 byte random string. Returns undef on error.
=head2 $self -> verify_user ($r)
Should verify that the given user supplied the right credentials. Input:
=over
=item $self -> {basic}
Apache-AuthenPasswdSrv
view release on metacpan or search on metacpan
AuthenPasswdSrv.pm view on Meta::CPAN
Perl5.004_04, mod_perl 1.15
=head1 DESCRIPTION
B<Apache::AuthenPasswdSrv> is a mod_perl Authentication handler that
checks a users credentials against a domain socket server. The included
server, B<passwd_srv.pl>, checks a username and password against an NIS
database using Net::NIS and ypmatch. This release is very alpha. The
server protocol is not documented and transaction format will change.
The system has been running under light load at my office for about a
month now, and no problems are know with the current release.
( run in 1.195 second using v1.01-cache-2.11-cpan-a5abf4f5562 )