Result:
found more than 508 distributions - search limited to the first 2001 files matching your query
( run in 1.020 )
Apache-AuthenLDAP
view release on metacpan or search on metacpan
AuthenLDAP.pm view on Meta::CPAN
my $ldapport = $r->dir_config('AuthenLDAPPort') || 389;
my $uidattrtype = $r->dir_config('AuthenUidAttrType') || "uid";
my $expire = lc($r->dir_config('AuthenExpire')) || 'false';
my $exp_attrtype = $r->dir_config('AuthenExpireAttrType') ||
'passwordIsExpired';
my $exp_lastmodattrtype =
$r->dir_config('AuthenExpireLastModAttrType') ||
'passwordModifyTimestamp';
my $exp_time = $r->dir_config('AuthenExpireTime') ||
186;
my $exp_redirect = $r->dir_config('AuthenExpireRedirect') || '';
$r->log->debug("handler: ",
AuthenLDAP.pm view on Meta::CPAN
"ExpireLastModAttrType - $exp_lastmodattrtype; ",
"ExpireTime - $exp_time; ExpireRedirect - $exp_redirect");
if ($sent_pwd eq "") {
$r->note_basic_auth_failure;
$r->log_reason("user $name: no password supplied", $r->uri);
return AUTH_REQUIRED;
}
# Connect to the server
my $ld;
AuthenLDAP.pm view on Meta::CPAN
# Only want the first if we've received more than one
my $entry = $msg->first_entry;
my $dn = $entry->dn;
# Bind as the user we're authenticating
$msg = $ld->bind($dn, password => $sent_pwd);
unless ($msg->code == LDAP_SUCCESS) {
$r->note_basic_auth_failure;
$r->log_reason("user $name: password mismatch", $r->uri);
return AUTH_REQUIRED;
}
$ld->unbind;
if ($expire eq 'true') {
# Is the password set to expired in LDAP?
if (($entry->get($exp_attrtype))[0] eq 'true') {
$r->log->debug("handler: password flag expired");
$r->custom_response(FORBIDDEN, "$exp_redirect");
return FORBIDDEN;
}
# Has the password passed the age limit?
my ($modyear, $modmonth, $modday) =
(($entry->get($exp_lastmodattrtype))[0] =~ /(\d{4})(\d{2})(\d{2})/);
my ($year, $month, $day) = Today([time]);
if (Date_to_Days($year, $month, $day) -
Date_to_Days($modyear, $modmonth, $modday) > $exp_time) {
$r->log->debug("handler: password age expired");
$r->custom_response(FORBIDDEN, "$exp_redirect");
return FORBIDDEN;
}
}
AuthenLDAP.pm view on Meta::CPAN
=over 4
=item B<AuthenExpireAttrType>
The attribute type name that contains whether or not the password is
expired. By default, AuthenExpireAttrType is passwordIsExpired.
=back
=over 4
=item B<AuthenExpireLastModAttrType>
The attribute type name that contains the password last modified
timestamp in YYYYMMDD format. By default AuthenExpireLastModAttrType
is set to passwordModifyTimestamp.
=back
=over 4
=item B<AuthenExpireTime>
The time in days at which a password expires. By default,
AuthenExpireTime is set to 186.
=back
=over 4
=item B<AuthenExpireRedirect>
The location to which you wish to redirect users whose passwords are
expired. If this value is left blank, the server will respond with a
401 error.
=back
Apache-AuthenMSAD
view release on metacpan or search on metacpan
lib/Apache/AuthenMSAD.pm view on Meta::CPAN
my $r = shift;
# Continue only if the first request.
# return OK unless $r->is_initial_req;
# Grab the password, or return in HTTP_UNAUTHORIZED
my ($res, $pass) = $r->get_basic_auth_pw;
return $res if $res;
my $user = $r->user;
lib/Apache/AuthenMSAD.pm view on Meta::CPAN
my $domain = $r->dir_config('MSADDomain') || "no-domain";
my $server = $r->dir_config('MSADServer') || $domain;
if ($pass eq "") {
$r->note_basic_auth_failure;
$r->log_reason("user - no password supplied",$r->uri);
return Apache::Constants::HTTP_UNAUTHORIZED;
}
if ($user eq "") {
$r->note_basic_auth_failure;
lib/Apache/AuthenMSAD.pm view on Meta::CPAN
$r->note_basic_auth_failure;
$r->log_reason("user - MSAD LDAP Connect Failed",$r->uri);
return Apache::Constants::HTTP_UNAUTHORIZED;
}
my $result= $ldap->bind (dn => "$user\@$domain", password => $pass);
if (!$result || ($result && $result->code)) {
$r->note_basic_auth_failure;
$r->log_reason("user - Active Directory Authen Failed",$r->uri);
return Apache::Constants::HTTP_UNAUTHORIZED;
}
lib/Apache/AuthenMSAD.pm view on Meta::CPAN
It was tested in an production environment to work perfectly.
=head1 BEWARE
This builds on the Net::LDAP interface and as such passes the userid
and password in the clear. We've not been able to get Net::LDAPS to
work with Microsoft Active Directory. If anyone else has we'd dearly
love to hear from them.
=head1 AUTHOR
Apache-AuthenMT
view release on metacpan or search on metacpan
AuthenMT.pm view on Meta::CPAN
my $app = MT::App->new(
Config => $MT_DIR . 'mt.cfg',
Directory => $MT_DIR
) or $reason = MT::App::->errstr;
# check password
$reason = authenticate($r, $user, $sent_pw) unless ($reason);
# reason for failure
if ($reason) {
#$r->note_basic_auth_failure;
AuthenMT.pm view on Meta::CPAN
# authenticated
return OK;
}
# check user and password against Movable Type's database
sub authenticate {
my $r = shift;
my $user = shift;
my $sent_pw = shift;
my $crypted = 0;
# print STDERR "authmt: $user $sent_pw\n";
if (my $author = MT::Author->load({ name => $user })) {
if ($author->is_valid_password($sent_pw, $crypted)) {
return "";
} else {
return "invalid pass";
}
} else {
AuthenMT.pm view on Meta::CPAN
mod_perl auth handler
=item authenticate
This checks the user and password against database.
=back
=head1 VARIABLES
Apache-AuthenN2
view release on metacpan or search on metacpan
AuthenN2.pm view on Meta::CPAN
my $r = shift;
# service only the first internal request
return OK unless $r->is_initial_req;
# get password user entered in browser
my($res, $sent_pwd) = $r->get_basic_auth_pw;
# decline if not basic
return $res if $res;
AuthenN2.pm view on Meta::CPAN
}
# try nis+
# get passwd table name
my $passwd_table = $dir_config->get('NISPlus_Passwd_Table');
# get user password entry
my $pwd_table = Net::NISPlus::Table->new($passwd_table);
unless ($pwd_table){
$r->note_basic_auth_failure;
$r->log_reason($self . ': cannot get nis+ passwd table', $r->uri);
return AUTH_REQUIRED;
AuthenN2.pm view on Meta::CPAN
order of checking.
Note that this scheme is quite permissive. Valid nt credentials
against any of the controllers or domains, or valid nis+ credentials
will allow access. This multiplies exposure to poorly selected
passwords.
<Files *challenge*> is just a way of specifying which files should be
protected by this authenticator. In this example, a script named
newbug-challenge.pl would be protected, regardless of where it is
located in the apache htdocs or cgi directories. If you prefer, you
AuthenN2.pm view on Meta::CPAN
require group eng
require user john larry
</Files>
A couple of tips about AuthenCache: 1 comment out the $r->warn lines
that echo the password to the apache error log (they are fine for
debugging but not good for production), and 2 keep in mind that the
cache has to be established separately in each current httpd child
process, so it does not appear to be working consistently until all
the children know about the user. This is nothing to panic about; we
are just playing the odds: the more active the user is, the more they
Apache-AuthenNIS
view release on metacpan or search on metacpan
AuthenNIS.pm view on Meta::CPAN
return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
}
else
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthenNIS - user $name: bad password", $r->uri) : $r->log_reason("Apache::AuthenNIS - user $name: bad password", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
}
return MP2 ? Apache::OK : Apache::Constants::OK;
AuthenNIS.pm view on Meta::CPAN
adaptation (i.e. I modified the code) of Michael Parker's
(B<parker@austx.tandem.com>) Apache::AuthenSmb module.
The module uses Net::NIS::yp_match to retrieve the "passwd" entry from the
passwd.byname map, using the supplied username as the search key. It then
uses crypt() to verify that the supplied password matches the retrieved
hashed password.
= head2 Apache::AuthenNIS vs. Apache::AuthzNIS
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenNIS with the B<require user> and B<require valid-user>
directives. In the NIS context I consider B<require group> to be an
"authorization" concern. I.e., Group authorization consists of
establishing whether the already authenticated user is a member of one of
the indicated groups in the B<require group> directive. This process may
Apache-AuthenNISPlus
view release on metacpan or search on metacpan
AuthenNISPlus.pm view on Meta::CPAN
my $r = shift;
# service only the first internal request
return OK unless $r->is_initial_req;
# get password user entered in browser
my ($res, $sent_pwd) = $r->get_basic_auth_pw;
# decline if not basic
return $res if $res;
AuthenNISPlus.pm view on Meta::CPAN
my $dir_config = $r->dir_config;
# get passwd table name
my $passwd_table = $dir_config->get('NISPlus_Passwd_Table');
# get user password entry
my $pwd_table = Net::NISPlus::Table->new($passwd_table);
unless ($pwd_table){
$r->note_basic_auth_failure;
$r->log_reason($self . ': cannot get nis+ passwd table', $r->uri);
return AUTH_REQUIRED;
AuthenNISPlus.pm view on Meta::CPAN
$r->notes($name . 'Group', $group);
unless(crypt($sent_pwd, $pwd) eq $pwd) {
$r->note_basic_auth_failure;
$r->log_reason(
$self . ': user ' . $name . ' password does not match ' .
$passwd_table, $r->uri
);
return AUTH_REQUIRED;
}
$r->push_handlers(PerlAuthzHandler => \&authz);
Apache-AuthenNTLM
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
print STDERR "[$$] AuthenNTLM: Verify user $self->{username} via smb server\n" if ($debug) ;
if ($self -> {basic})
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {password}) ;
}
else
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {usernthash}, 1, $self->{userdomain}) ;
}
AuthenNTLM.pm view on Meta::CPAN
$self -> {smbhandle} = undef ;
$self -> {lock} = undef ;
if ($rc == &Authen::Smb::NTV_LOGON_ERROR)
{
MP2 ? $r->log_error("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for " . $r -> uri) : $r->log_reason("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for " . $r -> ur...
print STDERR "[$$] AuthenNTLM: rc = $rc ntlmhash = $self->{usernthash}\n" if ($debug) ;
return ;
}
if ($rc)
AuthenNTLM.pm view on Meta::CPAN
sub get_basic
{
my ($self, $r, $data) = @_ ;
($self -> {username}, $self -> {password}) = split (/:/, $data) ;
my ($domain, $username) = split (/\\|\//, $self -> {username}) ;
if ($username)
{
$self -> {domain} = $domain ;
AuthenNTLM.pm view on Meta::CPAN
The purpose of this module is to perform a user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is built from the user's password
and the nonce. This makes sure that no password goes over the wire in plain text.
The main advantage of the Perl implementation is, that it can be easily extended
to verify the user/password against other sources than a windows domain controller.
The defaultf implementation is to go to the domain controller for the given domain
and verify the user. If you want to verify the user against another source, you
can inherit from Apache::AuthenNTLM and override it's methods.
To support users that aren't using Internet Explorer, Apache::AuthenNTLM can
AuthenNTLM.pm view on Meta::CPAN
=item $self -> {username}
The username
=item $self -> {password}
The password when doing basic authentication
=item $self -> {usernthash}
The md4 hash when doing ntlm authentication
Apache-AuthenPasswd
view release on metacpan or search on metacpan
AuthenPasswd.pm view on Meta::CPAN
if(crypt($sent_pwd, $passwd) eq $passwd) {
return MP2 ? Apache::OK : Apache::Constants::OK;
} else {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthenPasswd - user $name: bad password", $r->uri) : $r->log_reason("Apache::AuthenPasswd - user $name: bad password", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
return MP2 ? Apache::OK : Apache::Constants::OK;
}
AuthenPasswd.pm view on Meta::CPAN
= head1 DESCRIPTION
**************** NOTICE *********************
Please, please, realize that this module will
only work with passwords that are stored in
/etc/passwd. Most systems use shadow
passwords now, and the call that this module
uses to access the password ONLY checks for
the password in the /etc/passwd file. Also,
the call that is needed to access passwords
in /etc/shadow cannot be called by anyone
other than root, so, (unless you are crazy
enough to run apache as root), you will not
be able to access /etc/shadow.
For more info on shadow passwords:
http://www.tldp.org/HOWTO/Shadow-Password-HOWTO.html
For alternatives that can access /etc/shadow from
apache:
http://mod-auth-shadow.sourceforge.net/
AuthenPasswd.pm view on Meta::CPAN
adaptation (i.e. I modified the code) of Michael Parker's
(B<parker@austx.tandem.com>) Apache::AuthenSmb module.
The module uses getpwnam to retrieve the B<passwd> entry from the
B</etc/passwd> file, using the supplied username as the search key. It
then uses B<crypt()> to verify that the supplied password matches the
retrieved hashed password.
= head2 Apache::AuthenPasswd vs. Apache::AuthzPasswd
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenPasswd with the B<require user> and B<require valid-user>
directives. In the /etc/passwd and /etc/group context I consider B<require
group> to be an "authorization" concern. I.e., group authorization
consists of establishing whether the already authenticated user is a member
of one of the indicated groups in the B<require group> directive. This
Apache-AuthenPasswdSrv
view release on metacpan or search on metacpan
AuthenPasswdSrv.pm view on Meta::CPAN
=head1 DESCRIPTION
B<Apache::AuthenPasswdSrv> is a mod_perl Authentication handler that
checks a users credentials against a domain socket server. The included
server, B<passwd_srv.pl>, checks a username and password against an NIS
database using Net::NIS and ypmatch. This release is very alpha. The
server protocol is not documented and transaction format will change.
The system has been running under light load at my office for about a
month now, and no problems are know with the current release.
AuthenPasswdSrv.pm view on Meta::CPAN
Break out module configuration into PerlSetVar statements.
=item B<NIS Server Configuration>
Figure out MakeMaker enough to auto-configure paths in password server.
=item B<Documentation>
Write up Server Protocol documentation.
Write a better POD file for the module.
=item B<Module/Server Structure>
Build class structure for password service client.
Add security so client/server can be used with standard IP sockets.
Build class structure for server.
Build other example servers.
=back
Apache-AuthenProgram
view release on metacpan or search on metacpan
AuthenProgram.pm view on Meta::CPAN
# Apache::AuthenProgram allows you to call an external program
# that performs username/password authentication in Apache.
#
# Copyright (c) October 7, 2002 Mark Leighton Fisher, Thomson Inc.
#
# This module is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
AuthenProgram.pm view on Meta::CPAN
sub handler {
my $request = shift; # Apache request object
my @args = (); # authentication program arguments
my $cmd = ""; # program command string
my $i = 0; # counter for @args
my $ofh = ""; # output file handle for password temp file
my $password = ""; # password from Basic Authentication
my $passfile = ""; # temporary file containing password
my $passtype = ""; # "File" if communicating password by temp file
my $program = ""; # authentication program filename
my $response = ""; # Apache response object
my $success = ""; # success string from authentication program
my $username = ""; # username from Basic Authentication
# get password, decline if not Basic Authentication
($response, $password) = $request->get_basic_auth_pw;
return $response if $response;
# get username
$username = $request->connection->user;
if ($username eq "") {
AuthenProgram.pm view on Meta::CPAN
for ($i = 1; $i < 10; $i++) {
$args[$i] = $request->dir_config("AuthenProgramArg$i");
}
$success = $request->dir_config("AuthenProgramSuccess");
# write temp. password file on request
$passtype = $request->dir_config("AuthenProgramPassword");
if ($passtype eq "File") {
($ofh, $passfile) = tempfile();
if (!defined($ofh) || $ofh eq "") {
$request->log_reason("Apache::AuthenProgram can't create password file",
$request->uri);
return SERVER_ERROR;
}
chmod(0600, $passfile)
|| $request->log_reason(
"Apache::AuthenProgram can't chmod 0600 password file '$passfile' because: $!",
$request->uri);
if (!print $ofh $password,"\n") {
$request->log_reason("Apache::AuthenProgram can't write password file '$ofh'",
$request->uri);
return SERVER_ERROR;
}
if (!close($ofh)) {
$request->log_reason("Apache::AuthenProgram can't close password file '$ofh'",
$request->uri);
return SERVER_ERROR;
}
$password = $passfile;
}
# execute command, then examine output for success or failure
$cmd = "$program '$username' '$password' ";
$cmd .= join(' ', @args);
my @output = `$cmd`;
if ($passtype eq "File") {
if (!unlink($passfile)) {
$request->log_reason("Apache::AuthenProgram can't delete password file '$ofh'",
$request->uri);
}
}
if (!grep(/$success/, @output)) {
$request->note_basic_auth_failure;
AuthenProgram.pm view on Meta::CPAN
directive should follow whatever handler you use.
= head1 DESCRIPTION
This mod_perl module provides a reasonably general mechanism
to perform username/password authentication in Apache by
calling an external program. Authentication by an external
program is useful when a program can perform an authentication
not supported by any Apache modules (for example, cross-domain
authentication is not supported by Apache::NTLM or
Apache::AuthenSmb, but is supported by Samba's smbclient
program).
You must define the program pathname AuthenProgram and the
standard output success string AuthenProgramSuccess.
The first two arguments to the program are the username and
either the password or a temporary file with the password,
depending on whether AuthenProgramPassword has the value "File".
"File" forces sending the password to AuthenProgram through a
temporary file to avoid placing passwords on the command line where
they can be seen by ps(1).
Additional program arguments can be passed in the variables
AuthenProgramArg1, AuthenProgramArg2, etc. Up to 9 of these
variables are supported.
The examples/ subdirectory has sample programs for doing
Samba-based SMB authentication (examples/smblogon),
Oracle authentication (examples/oralogon), and
a simple example (examples/filelogon) that demonstrates communicating
the password through a temporary file.
If you are using this module please let me know, I'm curious how many
people there are that need this type of functionality.
This module was adapted from Apache::AuthenSmb.
Apache-AuthenRadius
view release on metacpan or search on metacpan
AuthenRadius.pm view on Meta::CPAN
# authentication modules for IE5 and Radiator
# http://www.open.com.au/radiator
# http://www.open.com.au/radkey
#
# For Digest Requires Authen::Radius, at least version 0.06 which
# can handle passwords longer than 16 bytes
use strict;
use warnings;
use Authen::Radius;
use Net::hostent;
AuthenRadius.pm view on Meta::CPAN
# Continue only if the first request.
return OK() unless $r->is_initial_req();
my $reqs_arr = $r->requires() || return OK();
# Grab the password, or return if HTTP_UNAUTHORIZED
my($res,$pass) = $r->get_basic_auth_pw();
return $res if $res;
# Get the user name.
my $user = MP2 ? $r->user() : $r->connection->user();
# Sanity for usernames and passwords.
if (length $user > 64 or $user =~ /[^A-Za-z0-9@_-.]/) {
$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
$r->note_basic_auth_failure();
return AUTH_REQUIRED();
}
if (length $pass > 256) {
$r->log_error("Apache::AuthenRadius password too long", $r->uri());
$r->note_basic_auth_failure();
return AUTH_REQUIRED();
}
return _authen_radius($r, $user, $pass);
AuthenRadius.pm view on Meta::CPAN
);
return AUTH_REQUIRED();
}
# Send the entire Authorization header as the password
# let the radius server figure it out
my $pass = $auth;
# Sanity for usernames and passwords.
if (length $user > 64) {
$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
return AUTH_REQUIRED();
}
if (length $pass > 256) {
$r->log_error("Apache::AuthenRadius password too long", $r->uri());
return AUTH_REQUIRED();
}
return _authen_radius($r, $user, $pass);
}
AuthenRadius.pm view on Meta::CPAN
For Digest authentication, this is the algorithm to use. Defaults to 'MD5'.
For Basic authentication, it is ignored. If Digest authentication is set,
unauthenticated requests will be sent a Digest challenge, including a nonce.
Authenticated requests will have the nonce checked against
Auth_Radius_nonce_lifetime, then the whole Authentication header sent as the
password to RADIUS.
=item * Auth_Radius_appendToUsername
Appends a string to the end of the user name that is sent to RADIUS. This
would normally be in the form of a realm (i.e. @some.realm.com) This is useful
AuthenRadius.pm view on Meta::CPAN
when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1
For Digest authentication, you will need Authen::Radius version
0.06 or better. Version 0.05 only permits 16 byte passwords
=head1 SEE ALSO
L<Apache>, L<mod_perl>, L<Authen::Radius>
Apache-AuthenSecurID
view release on metacpan or search on metacpan
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
PIN :
</b>
</font>
</td>
<td>
<input type=password name=pin1>
<input type=hidden name=type value=pin>
<input type=hidden name=alphanumeric value=$alphanumeric>
<input type=hidden name=min_pin_len value=$min_pin_len>
<input type=hidden name=max_pin_len value=$max_pin_len>
<input type=hidden name=a value=$uri>
Auth/Auth.pm view on Meta::CPAN
PIN ( Again ) :
</b>
</font>
</td>
<td>
<input type=password name=pin2>
</td>
</tr>
};
if ( $pin1 != $pin2 ) {
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Next Token Code :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=next>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
PIN :
</b>
</font>
</td>
<td>
<input type=password name=pin1>
<input type=hidden name=type value=pin>
<input type=hidden name=a value=$uri>
<input type=hidden name=alphanumeric value=$$info{alphanumeric}>
<input type=hidden name=min_pin_len value=$$info{min_pin_len}>
<input type=hidden name=max_pin_len value=$$info{max_pin_len}>
Auth/Auth.pm view on Meta::CPAN
PIN ( Again ) :
</b>
</font>
</td>
<td>
<input type=password name=pin2>
</td>
</tr>
};
} else {
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Apache-AuthenSmb
view release on metacpan or search on metacpan
AuthenSmb.pm view on Meta::CPAN
$bdc,
$domain);
unless($return == 0) {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $name: password mismatch", $r->uri) :
$r->log_reason("user $name: password mismatch", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
unless (@{ $r->get_handlers("PerlAuthzHandler") || []}) {
Apache-AuthenURL
view release on metacpan or search on metacpan
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
sub handler {
my($r) = @_;
my($status, $password) = $r->get_basic_auth_pw;
return Apache2::Const::OK unless $r->is_initial_req;
return $status unless ($status == Apache2::Const::OK);
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
default_expires_in => $attribute->{CacheTime},
);
my $user = $r->user;
if (my $cached_password = $cache->get($user)) {
$r->log->debug($prefix, "::handler: using cached password for $user");
if (length($password) == 0 and $attribute->{NoPasswd} eq 'off') {
$r->log->debug($prefix, "::handler: no password sent, failing");
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
}
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::handler: encrypt password for check");
my $salt = substr($cached_password, 0, 2);
$password = crypt($password, $salt);
}
if ($password eq $cached_password) {
$r->log->debug($prefix, "::handler: passwords match");
return Apache2::Const::OK;
}
else {
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
}
sub manage_cache {
my($r) = @_;
my($status, $password) = $r->get_basic_auth_pw;
my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
my $user = $r->user;
my $auth_name = $r->auth_name;
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::manage_cache: encrypt password for storage");
my @alphabet = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
my $salt = join ('', @alphabet[rand (64), rand (64)]);
$password = crypt($password, $salt);
}
my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);
$cache->purge;
$cache->set($user, $password, $attribute->{CacheTime});
$r->log->debug($prefix, "::manage_cache: storing user:", $user);
return Apache2::Const::OK;
}
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
This directive contains the number of seconds before the cache is
expired. Default is an indefinite time limit.
=item B<AuthenCache_Encrypted>
If this directive is set to 'Off', passwords are not encrypted.
Default is 'On', ie passwords use standard Unix crypt.
=back
=item B<AuthenCache_NoPasswd>
If this directive is set to 'On', passwords may be zero length.
Default is 'Off', ie passwords may not be zero length.
=back
=head1 PREREQUISITES
Apache-AuthzNIS
view release on metacpan or search on metacpan
AuthzNIS.pm view on Meta::CPAN
valid-user> directives.
= head2 Apache::AuthenNIS vs. Apache::AuthzNIS
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenNIS with the B<require user> and B<require valid-user>
directives. In the NIS context I consider B<require group> to be an
"authorization" concern. I.e., Group authorization consists of
establishing whether the already authenticated user is a member of one of
the indicated groups in the B<require group> directive. This process may
Apache-AuthzNetLDAP
view release on metacpan or search on metacpan
AuthzNetLDAP.pm view on Meta::CPAN
#first we connect to the LDAP server
my $ldap = new Net::LDAP($ldapserver, port => $ldapport);
#initial bind as user in Apache config
my $mesg = $ldap->bind($binddn, password=>$bindpwd);
#each error message has an LDAP error code
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
AuthzNetLDAP.pm view on Meta::CPAN
based on LDAP attributes.
=head1 SYNOPSIS
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail
AuthzNetLDAP.pm view on Meta::CPAN
Is this true? I just thought, that you might want to only authorize a user, instead of authenticate...)
If you are using an authentication module, then the following lines will not need to be duplicated:
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail
Apache-AuthzPasswd
view release on metacpan or search on metacpan
AuthzPasswd.pm view on Meta::CPAN
authorized user. Defaults to "no".
= head2 Apache::AuthenPasswd vs. Apache::AuthzPasswd
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenPasswd with the B<require user> and B<require valid-user>
directives. In the /etc/passwd and /etc/group context I consider B<require
group> to be an "authorization" concern. I.e., group authorization
consists of establishing whether the already authenticated user is a member
of one of the indicated groups in the B<require group> directive. This
Apache-AuthzUserDir
view release on metacpan or search on metacpan
AuthzUserDir.pm view on Meta::CPAN
my $user = $r->connection->user;
unless($user and $sent_pw) {
$r->note_basic_auth_failure;
$r->log_reason("Both a username and password must be provided", $r->filename);
return AUTH_REQUIRED;
}
my($file,$userdir_user);
$file = $r->uri;
Apache-AutoLogin
view release on metacpan or search on metacpan
AutoLogin.pm view on Meta::CPAN
}
# Let's get the authorization headers out of the client's request
my $credentials='';
my $user='';
my $password='';
my $auth_header=$r->headers_in->get('Authorization');
if (defined $auth_header)
{
$credentials =(split / /, $auth_header)[-1];
($user, $password) = split /:/, MIME::Base64::decode($credentials),2;
}
$log->info("header $user from $client_identifier");
# Look for any cookies
AutoLogin.pm view on Meta::CPAN
unless ($cookiejar{$auth_name}) {
$log->info("Client $client_identifier has no cookie");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
# DECLINED zur?ckgeben, damit Apache weitermacht.
return DECLINED;
}
# Get the credentials out of the cookie
my %auth_cookie=$cookiejar{$auth_name}->value;
my $decrypted_string=decrypt_aes(decode_base64($auth_cookie{Basic}),$encryption_key);
my ($c_user,$c_password,$c_client_ip,$c_date)=split (/:/, $decrypted_string , 4);
# Check if the client has furnished any valid information
if ($decrypted_string ne '')
{
AutoLogin.pm view on Meta::CPAN
# Check if the cookie hasn't expired
if (time()>$c_date)
{
$log->info("Cookie has expired");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
return DECLINED;
}
# Check if the cookie comes from the host it was issued to
if ($client_identifier ne $c_client_ip)
{
$log->info("Cookie for $c_user has not been set for $client_identifier but for $c_client_ip");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
return DECLINED;
}
}
else
{
$log->info("Client $client_identifier has furnished an invalid cookie.");
}
# If the client sent any http authentication credentials lets write them to a cookie
if ($user ne '' && $password ne '') {
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
}
# Else write the credentials within the cookie into the http header
else {
# But only if there IS something in the cookie!
if ($decrypted_string ne '' and $c_user ne '' and $c_password ne '') {
my $credentials=MIME::Base64::encode(join(":",$c_user,$c_password));
$r->headers_in->set(Authorization => "Basic $credentials");
}
}
# Return DECLINED
AutoLogin.pm view on Meta::CPAN
}
## sets the cookie
sub setCookie {
my ($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key)=@_;
my $auth_name=$r->dir_config('AutoLoginAuthName');
my $log=$r->server->log;
my $auth_cookie = Apache::Cookie->new ($r,
-name => $auth_name,
-value => {Basic => encode_base64(encrypt_aes(join (":",$user,$password,$client_identifier,(time()+60*60*24*$cookie_lifetime)),$encryption_key))},
-path => "/",
-expires => "+".$cookie_lifetime."d"
);
$auth_cookie->bake;
AutoLogin.pm view on Meta::CPAN
=head2 Security aspects
The cookie itself is AES256 encrypted using Crypt::Rjindael and features a md5 checksum of the data. Furthermore, some information about the client the cookie was issued for is stored as well (IP address, user-agent, hostname), which should make it m...
Anyways, although cracking of the cookie is almost unfeasable with todays computing powers, be aware that this module is for convenience only. It does not give you any additional security (well a bit perhaps) over traditional basic authentication, wh...
Although the cookie can be regarded as secure, the security of it's use stands and falls with the security of the computer it is stored on. If your users do not have personal accounts on their computers, forget about using it.
=head1 Apache configuration directives
Apache-AxKit-Plugin-AddXSLParams-Request
view release on metacpan or search on metacpan
# verbose URI parameters
if ( grep { $_ eq 'VerboseURI' } @allowed_groups ) {
my $parsed_uri = $r->parsed_uri;
my @uri_methods = qw( scheme hostinfo user password hostname port path rpath query fragment );
foreach my $method ( @uri_methods ) {
my $value = $parsed_uri->$method();
$cgi->parms->set('request.uri.' . $method => $value ) if length $value > 0;
}
=item * hostinfo
=item * user
=item * password
=item * hostname
=item * port
Apache-AxKit-Plugin-Session
view release on metacpan or search on metacpan
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
}
$type->set_permission_set($subr,@set);
EOC
}
sub random_password : XSP_expr XSP_attribOrChild(lang,signs,numbers,minlen,maxlen)
{
return 'Crypt::GeneratePassword::word(int($attr_minlen)||7,int($attr_maxlen)||7,$attr_lang,int($attr_signs),(defined $attr_numbers?int($attr_numbers):2))';
}
# This may not work on win32 nor with crypt() implementations without
# MD5 support. Considered experimental for that reason.
sub encrypt_password : XSP_captureContent XSP_expr
{
return 'crypt($_,AxKit::XSP::Auth::makeSalt())';
}
sub password_matches : XSP_attribOrChild(clear,encrypted) XSP_expr
{
return << 'EOF';
($attr_clear && $attr_encrypted && crypt($attr_clear,$attr_encrypted) eq $attr_encrypted?1:0);
EOF
}
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
=head1 DESCRIPTION
The XSP session taglib provides authorization management to XSP pages. It
allows you to view, check and modify access permissions for users (logging
in and out) and the effective permissions of an object (file, directory or
subtarget). Moreover, it provides utilities for password handling.
This taglib works in conjunction with Apache::AxKit::Plugin::Session,
which does all the hard work. There are several configuration variants
available, see the man page for details.
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
This tag checks if the current user is allowed to access a resource and aborts the current
page if not. It takes a target specification like get-permission and a reason code and
message list like deny-permission.
=head3 C<<random-password>>
This tag returns a random password suitable for sending it to users. It consists of
6 letters or digits, both upper and lower case. There are some checks made to make
sure it doesn't contain an offensive word.
=head3 C<<encrypt-password>>
This tag encrypts its contents as a password and inserts the result.
=head3 C<<password-matches>>
This tag checks if a password matches an encrypted password. Pass the passes in child
tags or attributes named 'clear' and 'encrypted'. Returns 1 or 0.
=head3 C<<get-reason>>
This tag returns a symbolic value which describes the last auth error. This can be used
Apache-AxKit-Provider-OpenOffice
view release on metacpan or search on metacpan
dtds/form.mod view on Meta::CPAN
Contributor(s): _______________________________________
-->
<!ENTITY % controls "form:text|form:textarea|form:fixed-text|form:file|
form:password|form:formatted-text|form:button|form:image|
form:checkbox|form:radio|form:listbox|form:combobox|form:frame|
form:hidden|form:image-frame|form:grid|form:generic-control">
<!ENTITY % name "form:name CDATA #IMPLIED">
<!ENTITY % service-name "form:service-name CDATA #IMPLIED">
dtds/form.mod view on Meta::CPAN
%title;
%value;
%convert-empty;
%data-field;>
<!ELEMENT form:password (form:properties?, office:events?)>
<!ATTLIST form:password %disabled;
%max-length;
%printable;
%tab-index;
%tab-stop;
%title;
%value;
%convert-empty;>
<!ATTLIST form:password form:echo-char CDATA "*">
<!ELEMENT form:file (form:properties?, office:events?)>
<!ATTLIST form:file %current-value;
%disabled;
%max-length;
Apache-BruteWatch
view release on metacpan or search on metacpan
lib/Apache/BruteWatch.pm view on Meta::CPAN
$VERSION = qw($Revision: 1.13 $) [1];
=head1 NAME
Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks
=head1 VERSION
$Revision: 1.13 $
lib/Apache/BruteWatch.pm view on Meta::CPAN
PerlLogHandler Apache::BruteWatch
PerlSetVar BruteDatabase DBI:mysql:brutelog
PerlSetVar BruteDataUser username
PerlSetVar BruteDataPassword password
PerlSetVar BruteMaxTries 10
PerlSetVar BruteMaxTime 30
PerlSetVar BruteNotify rbowen@example.com
PerlSetVar BruteForgive 300
=head1 DESCRIPTION
C<mod_perl> log handler for warning you when someone is attempting a
brute-force password attack on your web site.
=head1 Variables
The following variables can be set in your Apache configuration file:
lib/Apache/BruteWatch.pm view on Meta::CPAN
The database username
=head2 BruteDataPassword
The database password
=head2 BruteMaxTries and BruteMaxTime
Allow this many failed attempts in this much time. After that,
notification will be sent. Time is in seconds.
lib/Apache/BruteWatch.pm view on Meta::CPAN
my $message = qq~
Apache::BruteWatch
It appears that the username $username is under a brute-force
password attack.
~;
my %mail = (
To => $notify,
From => $notify,
Apache-Bwlog
view release on metacpan or search on metacpan
{
my $r = shift;
my $Bwlog_mysql_database = $r->dir_config("Bwlog_mysql_database");
my $Bwlog_mysql_server = $r->dir_config("Bwlog_mysql_server");
my $Bwlog_mysql_user = $r->dir_config("Bwlog_mysql_user");
my $Bwlog_mysql_password = $r->dir_config("Bwlog_mysql_password");
return DBI->connect("DBI:mysql:$Bwlog_mysql_database:$Bwlog_mysql_server", $Bwlog_mysql_user, $Bwlog_mysql_password);
}
sub read_shm_hash
{
## Since the sharelite module doesn't support var types, we are going to store a structure to read/write our hash back and forth.
Valid types are currently "file" and "mysql". The mysql portion requires the directives
described below.
=item * PerlSetVar Bwlog_mysql_user
=item * PerlSetVar Bwlog_mysql_password
=item * PerlSetVar Bwlog_mysql_server
=item * PerlSetVar Bwlog_mysql_database
httpd.conf Example.
PerlLogHandler Apache::Bwlog
PerlSetVar Bwlog_mysql_user bw_user
PerlSetVar Bwlog_mysql_password bw_password
PerlSetVar Bwlog_mysql_server 127.0.0.1
PerlSetVar Bwlog_mysql_database bw_logger
PerlSetVar Bwlog_mysql_tablename bw_log
PerlSetVar Bwlog active
Apache-CIPP
view release on metacpan or search on metacpan
# configuration for the database named 'zyn'
# (please refer to the DBI documentation for details)
PerlSetVar db_zyn_data_source dbi:mysql:zyn
PerlSetVar db_zyn_user my_username1
PerlSetVar db_zyn_password my_password1
PerlSetVar db_zyn_auto_commit 1
# configuration for the database named 'foo'
PerlSetVar db_foo_data_source dbi:Oracle:foo
PerlSetVar db_foo_user my_username2
PerlSetVar db_foo_password my_password2
PerlSetVar db_foo_auto_commit 0
</Location>
=head1 DESCRIPTION
Apache-Centipaid
view release on metacpan or search on metacpan
Centipaid.pm view on Meta::CPAN
AuthType custom
PerlAuthenHandler Apache::Centipaid
require valid-user
PerlSetVar acct account_name
PerlSetVar pass receipt_password
PerlSetVar amount 0.01
PerlSetVar duration 1d
PerlSetVar access /pay_path
PerlSetVar domain your.domain.name
PerlSetVar lang en
Centipaid.pm view on Meta::CPAN
If the rececipt is valid, then the information is stored locally. The
information stored included the ip of the client (for optional enforcment
of payment tied to ip), amount paid, date of transaction, expiry date,
and the zone the payment covers. And since centipaid micropayment system
is designed to allow users to pay without having to provide username,
password or any other payment information other than the recipt
number, it makes the process easy to manage and neither the payer or
payee have to worry about financial information falling into the wrong
hands.
B<How do we track payments?>
Centipaid.pm view on Meta::CPAN
The account number is issued by ceentipaid.com
for a given domain name. This number is unique
and it determines who gets paid.
=item B<pass> receipt_password
The password is used only in socket authetication.
It does not grant the owner any special access
except to be able to query the receipt server for
a given receipt number.
=item B<amount> 0.5
Centipaid.pm view on Meta::CPAN
access to read/write to the database defined in
dbname.
=item B<dbpass> pass
This should be the password of the user that has
access to read/write to the database defined in
dbname.
=back
Apache-ConfigParser
view release on metacpan or search on metacpan
t/httpd02.conf view on Meta::CPAN
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
< Files ~ "^\.ht" >
Order allow,deny
Deny from all
t/httpd02.conf view on Meta::CPAN
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
Apache-ContentHandler
view release on metacpan or search on metacpan
ContentHandler.pm view on Meta::CPAN
$self->{noprint} = 0;
$self->{error_email} = 'root';
$self->{dbi_driver} = '';
$self->{dbi_user} = '';
$self->{dbi_password} = '';
}
=item * $val = $self->arg($key)
Returns a CGI/mod_perl parameter for the key $key.
ContentHandler.pm view on Meta::CPAN
}
=item * $s = $hc->dbi
Returns a DBI connection. Override _init and add values for
dbi_driver, dbi_user, and dbi_password to make this connection.
=cut
sub dbi {
my $self = shift;
unless (defined $self->{dbi}) {
$self->{dbi} = DBI->connect($self->{dbi_driver},
$self->{dbi_user},
$self->{dbi_password});
if ($self->{dbi}) {
$self->{dbi}->do('SET DateStyle = \'ISO\'') ||
print '<H2>', $DBI::errstr, "</H2>\n";
} else {
Apache-CryptHash
view release on metacpan or search on metacpan
CryptHash.pm view on Meta::CPAN
sub init() {
my ($proto, $crypt) = @_;
my $class = ref($proto) || $proto;
my $self = {};
$self->{NAME} = 'Secret'; # default header name
$self->{CRYPT} = $crypt || do { # default password is hostname
require Sys::Hostname; # 'no, NO' turns encryption off
&Sys::Hostname::hostname;
};
bless ($self, $class);
return $self;
CryptHash.pm view on Meta::CPAN
Return the md5 base 64 hash of input string.
=item C<checkMAC>
$c = Apache::CryptHash->init('some password');
$c->checkMAC(\%state, \@mac_keys)
Does a comparison of the MAC in the B<%state> vs the calculated value based
on B<@mac_keys> and returns a boolean result.
Apache-CustomKeywords
view release on metacpan or search on metacpan
lib/Apache/CustomKeywords.pm view on Meta::CPAN
=back
=head1 NOTE
If you put C<:> or C<@> as a query in Location: box, MSIE recognizes
it as protocol or authentication password stuff, hence this module
might not work.
=head1 TODO
=over 4
( run in 1.020 second using v1.01-cache-2.11-cpan-39bf76dae61 )