view release on metacpan or search on metacpan
AuthzUserDir.pm view on Meta::CPAN
sub handler {
my $r = shift;
my $requires = $r->requires;
return OK unless $requires;
# get user's authentication credentials
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
view all matches for this distribution
view release on metacpan or search on metacpan
AutoLogin.pm view on Meta::CPAN
$log->error("Encryption key must by 256 bits long (32 characters)");
return SERVER_ERROR;
}
# Let's get the authorization headers out of the client's request
my $credentials='';
my $user='';
my $password='';
my $auth_header=$r->headers_in->get('Authorization');
if (defined $auth_header)
{
$credentials =(split / /, $auth_header)[-1];
($user, $password) = split /:/, MIME::Base64::decode($credentials),2;
}
$log->info("header $user from $client_identifier");
# Look for any cookies
AutoLogin.pm view on Meta::CPAN
# DECLINED zur?ckgeben, damit Apache weitermacht.
return DECLINED;
}
# Get the credentials out of the cookie
my %auth_cookie=$cookiejar{$auth_name}->value;
my $decrypted_string=decrypt_aes(decode_base64($auth_cookie{Basic}),$encryption_key);
my ($c_user,$c_password,$c_client_ip,$c_date)=split (/:/, $decrypted_string , 4);
AutoLogin.pm view on Meta::CPAN
else
{
$log->info("Client $client_identifier has furnished an invalid cookie.");
}
# If the client sent any http authentication credentials lets write them to a cookie
if ($user ne '' && $password ne '') {
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
}
# Else write the credentials within the cookie into the http header
else {
# But only if there IS something in the cookie!
if ($decrypted_string ne '' and $c_user ne '' and $c_password ne '') {
my $credentials=MIME::Base64::encode(join(":",$c_user,$c_password));
$r->headers_in->set(Authorization => "Basic $credentials");
}
}
# Return DECLINED
return DECLINED;
AutoLogin.pm view on Meta::CPAN
while($char ne ':' and $char ne '')
{
$char=chop($decrypted);
}
## If char is eq to '' then there were no credentials, etc. in the string...
if ($char eq '')
{
return '';
}
AutoLogin.pm view on Meta::CPAN
Apache::AutoLogin is a mod_perl module for convenience of the users. It is NO authentication module so far, authentication is up to other auth basic modules of any flavour.
Apache::AutoLogin does basically the following:
If a client connects for the first time, grab it's request and look for an Apache::AutoLogin cookie. If there is such a cookie, extract the credentials, add them to the http headers for later use by the authentication module. During such a session, t...
If the client sends an authorization header, then one of two things happened: There was no cookie for supplying the credentials or the cookie or the credentials were invalid. Then we basically take the credentials from the client's header and store t...
If a client wants to log out, he / she has to invoke a predefined page of any flavour and we will set in invalid cookie to erase the credentials.
=head2 Who should use it?
Anyone who relies on basic authentication and does not want the users to authenticate everytime they point their browser to the restricted website. Especially useful for company intranets.
=head2 Security aspects
The cookie itself is AES256 encrypted using Crypt::Rjindael and features a md5 checksum of the data. Furthermore, some information about the client the cookie was issued for is stored as well (IP address, user-agent, hostname), which should make it m...
Anyways, although cracking of the cookie is almost unfeasable with todays computing powers, be aware that this module is for convenience only. It does not give you any additional security (well a bit perhaps) over traditional basic authentication, wh...
Although the cookie can be regarded as secure, the security of it's use stands and falls with the security of the computer it is stored on. If your users do not have personal accounts on their computers, forget about using it.
=head1 Apache configuration directives
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/AxKit/Plugin/Session.pm view on Meta::CPAN
$destination = $mr->uri;
}
$self->debug(1,"destination = '$destination'");
# Get the credentials from the data posted by the client, if any.
my @credentials;
while (exists $$args{"credential_" . ($#credentials + 1)}) {
$self->debug(2,"credential_" . ($#credentials + 1) . "= '" .$$args{"credential_" . ($#credentials + 1)} . "'");
push(@credentials, $$args{"credential_" . ($#credentials + 1)});
}
# convert post to get
if ($r->method eq 'POST') {
$r->method('GET');
lib/Apache/AxKit/Plugin/Session.pm view on Meta::CPAN
}
$r->no_cache(1) unless $r->dir_config($auth_name.'Cache');
# Exchange the credentials for a session key.
my ($ses_key, $error_message) = $self->authen_cred($r, @credentials);
# Get the uri so can adjust path, and to redirect including the query string
unless ($ses_key) {
lib/Apache/AxKit/Plugin/Session.pm view on Meta::CPAN
return $session;
}
# this is a NO-OP! Don't use this one (or ->login) directly,
# unless you have verified the credentials yourself or don't
# want user logins
sub authen_cred($$\@) {
my ($self, $r, @credentials) = @_;
$self->debug(3,"--------- authen_cred(".join(',',@_).")");
my ($session, $err) = $self->_get_session($r);
return (undef, $err) if $err;
$$session{'auth_access_user'} = $credentials[0] if defined $credentials[0];
$r->pnotes('SESSION',$session);
return $$session{'_session_id'};
}
sub authen_ses_key($$$) {
view all matches for this distribution
view release on metacpan or search on metacpan
MYSQL_HOST
the database host. If omitted "localhost" is used.
MYSQL_USER, MYSQL_PASSWD
you credentials.
My "make test" command looks like:
MYSQL1=dbitest1 MYSQL2=dbitest2 make test
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/Emulator/Apache.pm view on Meta::CPAN
#
# Try to get as much info as possible from CGI.pm, which has
# workarounds for things like the IIS PATH_INFO bug.
#
$self->{headers_in} ||= Apache::Table->new
( 'Authorization' => $self->{query}->auth_type, # No credentials though.
'Content-Length' => $ENV{CONTENT_LENGTH},
'Content-Type' =>
( $self->{query}->can('content_type') ?
$self->{query}->content_type :
$ENV{CONTENT_TYPE}
view all matches for this distribution
view release on metacpan or search on metacpan
Client/httunnel view on Meta::CPAN
return $this ;
}
sub get_basic_credentials {
my $this = shift ;
my $realm = shift ;
my $uri = shift ;
my $proxy = shift ;
view all matches for this distribution
view release on metacpan or search on metacpan
MultiAuth.pm view on Meta::CPAN
Apache::MultiAuth - Choose from a number of authentication modules at runtime
=head1 SYNOPSIS
Put lines like this in your httpd.conf. In this example authorization is requested
for accessing the directory /test. First the credentials (username, password) are
checked against the module Apache::AuthSybase and then against the module
Apache::AuthenSmb. If any of them succeeds, access to /test is granted.
# in httpd.conf
# Important : if not set apachectl configtest will complain about syntax errors
MultiAuth.pm view on Meta::CPAN
Apache::MultiAuth allows you to specify multiple authentication
modules, to be tried in order. If any module in the list returns OK,
then the user is considered authenticated; if none return OK, then the
MultiAuth module returns AUTH_REQUIRED and the user is reprompted for
credentials. This, depending on the browser, results in a 401 authorization
required message.
This is useful for cases where, for example, you have several
authentication schemes: for example, NIS, SMB, and htpasswd, and some
of your users are only registered in some of the auth databases.
view all matches for this distribution
view release on metacpan or search on metacpan
docsrc/reference.xml view on Meta::CPAN
</refentry>
<refentry id="model.api.pkit_auth_credential">
<refnamediv>
<refname>pkit_auth_credential</refname>
<refpurpose>
Verifies login credentials and returns session key
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<synopsis>
sub pkit_auth_credential {
docsrc/reference.xml view on Meta::CPAN
</synopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
Verifies the user-supplied credentials and return a session key. The
session key is a string that is stored on the user's computer using cookies.
Often you'll use the user ID and a MD5 hash of a a secret key, user ID, password.
</para>
<para>
Note that the string returned should not contain any commas, spaces, or semi-colons.
view all matches for this distribution
view release on metacpan or search on metacpan
ProxyRewrite.pm view on Meta::CPAN
=over 4
=item B<ProxyAuthInfo>
Authorization information for proxied requests. This string must
conform to the credentials string defined in section 11 of RFC
2068.
=back
=over 4
=item B<ProxyAuthRedirect>
If the credentials supplied in the ProxyAuthInfo directive are
insufficient and if ProxyAuthRedirect is set to On, the proxy
server will redirect the client directly to the backend host. If
ProxyAuthRedirect is set to Off (the default), the proxy server
will challenge the client on the remote server's behalf.
view all matches for this distribution
view release on metacpan or search on metacpan
return REDIRECT;
}
return DECLINED;
}
## authenticate user & issue credentials
sub issue ($$) {
my($self, $r) = @_;
my $log = $r->log;
my($resp, $msg);
unless ($resp->{uri}) { return SERVER_ERROR; }
$r->header_out(Location => $resp->{uri});
return REDIRECT;
}
## renew credentials
sub renew ($$) {
my($self, $r) = @_;
my $log = $r->log;
my($cred, $resp, $msg);
$log->debug(ref($self), "->renew():");
$cred = $self->getCredentials($r);
$resp = $self->validateCredentials($r, $cred);
unless (ref($resp)) { $log->error($resp); return SERVER_ERROR; }
unless ($resp->{renew}) { # make sure credentials are sufficiently fresh
$log->warn("Timeout before renewal."); # or replay attempt?
if ($msg = $resp->{message}) { $log->info($msg); }
unless ($resp->{uri}) { return SERVER_ERROR; }
$r->header_out(Location => $resp->{uri});
return REDIRECT;
unless ($resp->{uri}) { return SERVER_ERROR; }
$r->header_out(Location => $resp->{uri});
return REDIRECT;
}
## delete credentials
sub delete ($$) {
my($self, $r) = @_;
my $log = $r->log;
my($resp, $msg);
unless ($r->dir_config('SecSess::AllowRemoteAdmin') eq 'true') {
$log->error('Remote administration not permitted.');
return FORBIDDEN;
}
## get credentials and validate them in usual way
$cred = $self->getCredentials($r);
$resp = $self->validateCredentials($r, $cred);
if (ref($resp)) {
if ($msg = $resp->{message}) { $log->info($msg); }
unless ($resp->{uri}) { return SERVER_ERROR; }
unless ($uri = $resp->{uri}) { return SERVER_ERROR; }
$r->header_out(Location => $uri);
return REDIRECT;
}
## every looks good, set uid and issue new credentials
$r->user($uid);
$resp = $self->issueCredentials($r);
unless (ref($resp)) { $log->error($resp); return SERVER_ERROR; }
if ($msg = $resp->{message}) { $log->info($msg); }
unless ($resp->{uri}) { return SERVER_ERROR; }
#
# routines
#
## validate common hash credentials from
sub validateCredentials {
my $self = shift;
my($r, $cred) = @_;
my $log = $r->log;
my($uri, $requri, $resp, $uid);
$log->debug(ref($self), "->validateCredentials():");
## were illegitimate credentials found?
unless (defined($cred)) { # probably a key-change, treat as timeout
# but possibly tampering, so log as warning
$log->warn("Decryption Error");
$uri = $self->timeoutURL;
return {
message => "Decryption failure, redirecting to '$uri'.",
uri => "$uri?type=notvalid"
};
}
## were any credentials found at all?
unless (ref($cred)) {
$uri = sprintf('%s?url=%s',
$self->authenURL,
$self->requested_uri($r)
);
}
if ($t > $ts + 60*$renew) { # renew
$uri = $self->renewURL;
$requri = $self->requested_uri($r);
return {
message => "Renewing credentials for user '$uid'.",
renew => 'true',
uri => "$uri?url=$requri"
};
}
| `--URL
`-URL
`---Cookie
SecSess contains (in addition to common code) all Apache phase handlers
(Currently only PerlAuthenHandler are needed). At this level credentials
and status are considered opaque objects. The important methods are:
->authen() Used to protect underlying resources. Checks credentials for freshness and validity.
->issue() Used as the "initial" identity authentication before issuing credentials (cookies or mangled URLs) used by ->authen().
->renew() Will re-issue credentials if proper conditions are satisfied
->delete() Will delete credentials where relevant (i.e. deletes cookies).
At one level beneath SecSess (SecSess::Cookie.pm and SecSess::URL.pm),
are the methods for interpreting and manipulating credentials.
At the lowest level, are subclasses which "know" how to interpret the
*initial* identifying information during the issuance of credentials.
So, *::Cookie::LoginForm presents the client with a user/password
login form for identification. And thus the difference between
*::Cookie::URL and *::URL::Cookie is that the former will issue cookies
after validating an URL credential, and the latter will "issue" an URL
credential (typically it will redirect to a resource with realm=cred in
Cookie Credentials: (defined in Apache::SecSess::Cookie):
realm:qop,authqop=E_k(md5(hash),hash)
The string 'realm' is any symbol (without obvious special characters
':', '=', etc) which is used to identify cooperating security services,
thus providing a way to put credentials into their own namespace.
The 'hash' is a string representation of a Perl hash of the form:
hash = {uid => str, timestamp => int, qop => int, authqop => int}
See README and Wrapper.pm for further details.
=head2 Credential Arguments
authRealm => <realm>
Defines string 'realm' as identifying tag for credentials as described
above in CREDENTIAL FORMAT.
secretFile => <filename>
The first line of this file is used to create the secret encryption
key for credentials as described above in CREDENTIAL FORMAT. This
secret key is never given to users and should never leave the system
servers.
=head2 Timing Arguments
=head2 Quality of Protection Arguments
minSessQOP => 128, minAuthQOP => 128, authQOP => 128, sessQOP => 128
When credentials are validated during a request, two checks of the
qualities of protection (QOP's) are made, namely that
qop >= minSessQOP
and
authqop >= minAuthQOP
where qop and authqop indicate the session and user authentication
protection or strength roughly measured in bits. They are the signed
values appearing *inside* the credential hash described above. In the
case of cookies, where multiple credentials with different security
levels are may be present at request time, only the strongest credentials
are used to make this determination. (The cleartext pairs (qop,authqop)
are sorted lexicographically to determine which cookies to use. The
cleartext values are not trusted.)
The QOP parameters are separated to allow flexibility in the threat model.
authentication, say with a 20-bit PIN or one-time password. Scientific
cryptography cannot always afford to distinguish between an attack which
costs 2^20 computations and one which succeeds with probability 1/2^20,
because with 1 million users, the two situations are identical. But, for
practical risk assessment, it may be perfectly acceptable to trade strong
session credentials for weak login credentials.
The values of qop and authqop issued are determined by the
Apache::SecSess object in all cases. For URL credentials they come
directly from arguments sessQOP and authQOP, respectively. For cookie
credentials, they come from the hash keys of the argument cookieDomain
described below.
Note that no attempt is made to check the correctness of the QOP
settings against the values of the httpd.conf directive SSLCipherSuite.
This would be mistake in fact because the session strength is dependent
These have the obvious meaning and must agree in host, scheme, and
path with the corresponding Apache directives, as shown in the EXAMPLE
section. Generally for example,
authenURL => Where to go to get the appropriate credentials for a requested
resource.
defaultURL => Where to go after logging in (if no initial request was made).
timeoutURL => Where to go to delete credentials. Timeouts and signouts
are both sent here.
=head2 URL Chaining Arguments
chainURLS => <arrayref>, issueURL => <string>
Apache::SecSess is designed to use cookies for most local authentication. By
their definition, cookies are restricted to a host, a DNS domain or subdomain.
The subclass Apache::SecSess::URL, which allows you to span authentication
across DNS domains, requires additional arguments to accomplish this. The
argument chainURLS expects an array reference which defines a list of places
to go for more (typically cookie) credentials. For example,
chainURLS => [
'https://milt.sec.acme.com/authen',
'https://noam.acme.org/authen'
]
says that when URL credentials are issued, the client will be redirected
to each of the specified sites, in turn. Each of these is expected to
be protected by a PerlAuthenHandler of type Apache::SecSess::Cookie::URL,
which will issue local cookies.
The argument issueURL is used to tell the remote sites (listed in chainURLS
renewURL => 'https://tom.acme.com/renew',
timeoutURL => 'https://tom.acme.com/signout/timeout.html',
errorURL => 'http://tom.acme.com/error.html'
);
Now, on the host which issues credentials, (tom.acme.com in this example),
add the following additional Apache directives to http.conf:
## issues cookies
<Location /authen>
SetHandler perl-script
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/Session/Browseable/Store/LDAP.pm view on Meta::CPAN
$self->logError($start_tls);
return;
}
}
# Bind with credentials
my $bind = $ldap->bind( $self->{args}->{ldapBindDN},
password => $self->{args}->{ldapBindPassword} );
if ( $bind->code ) {
$self->logError($bind);
return;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/Session/Store/LDAP.pm view on Meta::CPAN
$self->logError($start_tls);
return;
}
}
# Bind with credentials
my $bind = $ldap->bind( $self->{args}->{ldapBindDN},
password => $self->{args}->{ldapBindPassword} );
if ( $bind->code ) {
$self->logError($bind);
return;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/SiteControl.pm view on Meta::CPAN
my $ok;
# Load the user authentication module
eval "require $checker" or $r->log_error("Could not load $checker: $@");
eval "require $factory" or $r->log_error("Could not load $factory: $@");
eval '$ok = ' . ${checker} . '::check_credentials($r, @cred)' or $r->log_error("authentication error code: $@");
if($ok) {
eval('$user = ' . "$factory" . '->makeUser($r, @cred)');
if($@) {
$r->log_error("Error reported during call to ${factory}->makeUser: $@");
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/Sling/Authn.pm view on Meta::CPAN
if ( $authn->{'Type'} eq 'basic' ) {
if ($check_basic) {
my $success = $authn->basic_login();
if ( !$success ) {
# Reset credentials:
$authn->{'Username'} = $old_username;
$authn->{'Password'} = $old_password;
$authn->{'Type'} = $old_type;
croak
"Basic Auth log in for user \"$new_username\" at URL \""
lib/Apache/Sling/Authn.pm view on Meta::CPAN
$authn->{'Message'} = 'Fast User Switch completed!';
}
}
else {
# Reset credentials:
$authn->{'Username'} = $old_username;
$authn->{'Password'} = $old_password;
$authn->{'Type'} = $old_type;
croak "Unsupported auth type: \"$type\"\n";
}
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/TestRequest.pm view on Meta::CPAN
# Return user setting or our internal calculation.
return $RedirectOK if defined $RedirectOK;
return $REDIR;
}
my %credentials;
#subclass LWP::UserAgent
sub new {
my $self = shift->SUPER::new(@_);
lib/Apache/TestRequest.pm view on Meta::CPAN
$self->timeout(UA_TIMEOUT);
$self;
}
sub credentials {
my $self = shift;
return $self->get_basic_credentials(@_);
}
sub get_basic_credentials {
my($self, $realm, $uri, $proxy) = @_;
for ($realm, '__ALL__') {
next unless $_ && $credentials{$_};
return @{ $credentials{$_} };
}
return (undef,undef);
}
lib/Apache/TestRequest.pm view on Meta::CPAN
lwp_debug() if $ENV{APACHE_TEST_DEBUG_LWP};
}
my($pass, $keep) = Apache::TestConfig::filter_args(\@_, \%wanted_args);
%credentials = ();
if (defined $keep->{username}) {
$credentials{$keep->{realm} || '__ALL__'} =
[$keep->{username}, $keep->{password}];
}
if (defined(my $content = $keep->{content})) {
if ($content eq '-') {
$content = join '', <STDIN>;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/TopicMaps.pm view on Meta::CPAN
my $tmc = 0;
sub redirect_ok {0}
#sub get_basic_credentials
#{
# return ("user","pass");
#}
#TM::set_trace("*");
view all matches for this distribution
view release on metacpan or search on metacpan
Wyrd/Services/Auth.pm view on Meta::CPAN
Auth provides a secure cookies-based login system for a Wyrd-enabled server
that might not itself be equipped with SSL. It can do so if provided a
connection to an SSL-enabled Apache server with an
C<Apache::Wyrd::Services::LoginServer> available on a secure port. It uses
a standard SSL channel to circumvent an unauthorized party from obtaining
login credentials (username/password) by packet-sniffing.
To do so, it maintains a cookie-based authorization scheme which is
implemented using stacked handlers. It handles authorization by login
and/or cookie, and passes the user information to handlers down the
stack via mod_perl's C<notes> table. The Auth module should be the
Wyrd/Services/Auth.pm view on Meta::CPAN
}
$debug && warn("Cookie value before decrypt: " . $auth_cookie);
$user_info = ${$cr->decrypt(\$auth_cookie)};
$debug && warn("Cookie value: " . $user_info);
$user=$self->revive($user_info);
if (($user_info and not($user->check_credentials)) or ($auth_cookie and not($user_info)) or ($auth_cookie and not($ip_ok))) {
my $cookie = Apache::Wyrd::Cookie->new(
$req,
-name=>'auth_cookie',
-value=> '',
-domain=>$req->hostname,
Wyrd/Services/Auth.pm view on Meta::CPAN
=item Debug
Dump debugging information to the Error Log (0 for default no, 1 for yes).
Note that if the log is not secure, this may compromise the users'
credentials.
=item TieAddr
Require a fixed client address for the session (less compatible with some
ISPs) (0 for default no, 1 for yes)
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache/iNcom/UserDBAuthen.pm view on Meta::CPAN
return Apache::iNcom::return_error( $r, AUTH_REQUIRED );
}
} else {
# Get user credentials
my ( $rc, $passwd ) = $r->get_basic_auth_pw();
return $rc if $rc != OK;
# Get the username
my $username = $r->connection->user;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/API/Request.pm view on Meta::CPAN
return( $self->{_server_version} );
}
return( '' );
}
# e.g. set_basic_credentials( $user, $password );
sub set_basic_credentials { return( shift->_try( 'request', 'set_basic_credentials', @_ ) ); }
# set_handlers( PerlCleanupHandler => [] );
# $ok = $r->set_handlers($hook_name => \&handler);
# $ok = $r->set_handlers($hook_name => ['Foo::Bar::handler', \&handler2]);
# $ok = $r->set_handlers($hook_name => []);
lib/Apache2/API/Request.pm view on Meta::CPAN
my $port = $req->server_port;
my $proto = $req->server_protocol;
my $sig = $req->server_signature;
my $software = $req->server_software;
my $vers = $req->server_version;
$req->set_basic_credentials( $user => $password );
$req->set_handlers( $name => $code_ref );
my $data = $req->slurp_filename;
# Apache2::Connection object
my $socket = $req->socket;
my $status = $req->status;
lib/Apache2/API/Request.pm view on Meta::CPAN
Sets or gets the current Authorization realm, i.e. the per directory configuration directive C<AuthName>
The C<AuthName> directive creates protection realm within the server document space. To quote RFC 1945 "These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme ...
The client uses the root URL of the server to determine which authentication credentials to send with each HTTP request. These credentials are tagged with the name of the authentication realm that created them. Then during the authentication stage th...
=head2 auth_type
my $auth_type = $req->auth_type();
my $auth_type = $req->auth_type( $new_auth_type );
lib/Apache2/API/Request.pm view on Meta::CPAN
and extract the version.
It returns the version found as a L<version> object, or an empty string if nothing could be found.
=head2 set_basic_credentials
Provided with a user name and a password, this populates the incoming request headers table (C<headers_in>) with authentication headers for Basic Authorization as if the client has submitted those in first place:
$req->set_basic_credentials( $username, $password );
See L<Apache2::RequestUtil> for more information.
=head2 set_handlers
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/ASP/API.pm view on Meta::CPAN
});
# Assuming $Session->{user} is set upon successful login:
unless( $api->session->{user} )
{
die "Invalid credentials";
}# end unless()
... continue uploading files ...
Or...you could even subclass the API with your own:
lib/Apache2/ASP/API.pm view on Meta::CPAN
});
# Assuming $Session->{user} is set upon successful login:
unless( $api->session->{user} )
{
die "Invalid credentials";
}# end unless()
return 1;
}# end login()
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthCAS.pm view on Meta::CPAN
DBI
DBD::<module name> (i.e. DBD::Pg)
=head2 Proxiable Credentials
This module can be optionally configured to use proxy credentials. This is
enabled by setting the I<CASService> and I<CASProxyService> configuration
parameters.
=head2 Examples
Example configuration without proxiable credentials:
AuthType Apache2::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache2::AuthCAS->authenticate
require valid-user
lib/Apache2/AuthCAS.pm view on Meta::CPAN
CASHost "auth.yourdomain.com"
CASErrorURL "https://yourdomain.com/cas/error/"
CASDbDataSource "dbname=cas;host=dbhost.yourdomain.com;port=5432"
Example configuration without proxiable credentials, using custom database
parameters:
AuthType Apache2::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache2::AuthCAS->authenticate
lib/Apache2/AuthCAS.pm view on Meta::CPAN
CASDbUser "cas_user"
CASDbPass "cas_pass"
CASDbSessionTable "cas_sessions_service1"
Example configuration with proxiable credentials:
AuthType Apache2::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache2::AuthCAS->authenticate
require valid-user
CASService "https://yourdomain.com/email/"
CASProxyService "mail.yourdomain.com"
Example configuration with proxiable credentials, using custom database parameters:
AuthType Apache2::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache2::AuthCAS->authenticate
require valid-user
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthCASpbh.pm view on Meta::CPAN
The URL component added after the AuthCAS_ServerURL value to access the CAS
proxy ticket issuing service; by default "/proxy".
=item C<AuthCAS_ProxyRequire>
If proxied authentication is enabled, only allow access via proxy credentials,
not direct access by a user; by default disabled.
=item C<AuthCAS_ProxyValidatePath>
The URL component added after the AuthCAS_ServerURL value to access the CAS
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
=head1 CLASS METHODS
=head2 authen_cred($r, $user, $password, @extra_data)
Take the credentials for a user and check that they match; if so, return
a new session key for this user that can be stored in the cookie.
If there is a problem, return a bogus session key.
=head2 authen_ses_key($r, $encrypted_session_key)
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
=back
=cut
sub extra_session_info ($$\@) {
my ($self, $r, @credentials) = @_;
return '';
}
#-------------------------------------------------------------------------------
# Take the credentials for a user and check that they match; if so, return
# a new session key for this user that can be stored in the cookie.
# If there is a problem, return a bogus session key.
sub authen_cred($$\@)
{
my( $self, $r, @credentials ) = @_;
my $auth_name = $r->auth_name;
# Username goes in credential_0
my $user = shift @credentials;
unless ( $user =~ /^.+$/ ) {
$r->log_error( "Apache2::AuthCookieDBI: no username supplied for auth realm $auth_name", $r->uri );
return undef;
}
# Password goes in credential_1
my $password = shift @credentials;
unless ( $password =~ /^.+$/ ) {
$r->log_error( "Apache2::AuthCookieDBI: no password supplied for auth realm $auth_name", $r->uri );
return undef;
}
# CSA Patch - Use global var
# needed later for authen_sess_key
# to keep cookie alive
#
# Extra data can be put in credential_2, _3, etc.
# my @extra_data = @credentials;
@Extra_Data = @credentials;
# get the configuration information.
my %c = _dbi_config_vars $r;
# get the crypted password from the users database for this user.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
This module acts as an authentication handler under Apache2 environment.
It uses Apache2::AuthCookie as the base class and serves as a backend to
provide user authentication against an LDAP server.
Make sure that you have got a reachable LDAP server and credentials to access it
(ldapuri, base, binddn/bindpw or anonymous bind).
When there is an attempt to access a "protected" directory or location
that has 'require valid-user' option included Apache2::AuthCookieLDAP is used
as the authentication and the authorization handler. It takes a pair of
view all matches for this distribution
view release on metacpan or search on metacpan
AuthTicketLDAP.pm view on Meta::CPAN
}
return undef;
}
sub check_credentials {
my ($self, $user, $password) = @_;
my ($entry, $mesg);
# 1) check_ldap_cache for UID entry. Avoids anonymous search.
# 2) if not in cache, run a search and cache the result
# 3) lastly, bind with supplied password.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/AuthNSympa.pm view on Meta::CPAN
Because it's difficult to have an up to date authentication backend, this module aims to authenticate against Sympa mailing lists server.
Sympa mailing lists server has got its own authentication system and can be queried over a SOAP interface.
It is based on a basic HTTP authentication (popup on client side). Once the user has authenticated, the REMOTE_USER environnement var contains the user email address. The authentication module implements a SOAP client that validates user credentials ...
Sample httpd.conf example:
<Directory "/var/www/somwehere">
AuthName SympaAuth
AuthType Basic
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/Authen/OdinAuth.pm view on Meta::CPAN
# 5) set user; exit now for authed
#
$r->user($cookie_user);
$r->subprocess_env('REMOTE_USER' => $cookie_user);
$r->set_basic_credentials($cookie_user, '*****');
if (ref $allow ne 'ARRAY') {
if ($allow eq 'authed') {
return Apache2::Const::OK;
}
view all matches for this distribution
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
=head1 DESCRIPTION
The purpose of this module is to perform a user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is built from the user's password
AuthenNTLM.pm view on Meta::CPAN
In case you do not authenticate against a windows machine, you simply need
to set $self -> {nonce} to a 8 byte random string. Returns undef on error.
=head2 $self -> verify_user ($r)
Should verify that the given user supplied the right credentials. Input:
=over
=item $self -> {basic}
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/ClickPath/_parse.pm view on Meta::CPAN
{
package Apache2::ClickPath::_parse::UA;
use base 'LWP::UserAgent';
sub get_basic_credentials {
my ($I, $realm, $uri, $isproxy)=@_;
if( $isproxy ) {
return @ENV{qw{HTTP_PROXY_USERNAME HTTP_PROXY_PASSWORD}};
} else {
return @ENV{qw{HTTP_USERNAME HTTP_PASSWORD}};
view all matches for this distribution