Apache-SecSess


INSTALL  view on Meta::CPAN

THEN AS ROOT,

	cd db; cp dbilogin.txt /usr/local/apache/conf/private

NOTE: This path is hard-coded in startup.pl, so if you change it, you must
change it consistently everywhere.


5. Set up IP Aliasing.

The demo shows the transfer of credentials between different hosts.  You
don't actually need separate physical hosts, if your machine supports IP 
aliasing.

On Linux, if you have an old kernel (older than about 2.4) read the HOWTO on IP
Aliasing.  On newer Linux kernels, IP aliasing is automatic.  Here is the
relevant fragment from my /etc/hosts:

	## prototype web devel virtual hosts (some Libertarians)
	192.168.1.11	adam.acme.com adam smith
	192.168.1.12	lysander.acme.com lysander spooner

SecSess/Cookie/BasicAuth.pm  view on Meta::CPAN


use Apache::Constants qw(:common :response);
use Apache::SecSess::Cookie;

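## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the generic cookie-session handler
our @ISA = qw(Apache::SecSess::Cookie);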

## validate (usually non-cookie) credentials used to authenicate user
sub verifyIdentity {
	my $self = shift;
	my($r) = @_;
	my $log = $r->log;
	my($uid, $res, $pw, $msg);

    $log->debug(ref($self), "->verifyIdentity():");

	## read password and user id if present, bail otherwise
	($res, $pw) = $r->get_basic_auth_pw;

SecSess/Cookie/LoginForm.pm  view on Meta::CPAN

use strict;

use Apache::SecSess::Cookie;

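## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the generic cookie-session handler
our @ISA = qw(Apache::SecSess::Cookie);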

## validate (usually non-cookie) credentials used to authenicate user
sub verifyIdentity {
	my $self = shift;
	my($r) = @_;
	my $log = $r->log;
	my(%params, $uid, $pw, %args, $url, $form, $msg);

    $log->debug(ref($self), "->verifyIdentity():");

	## is this the initial visit to the form?
	unless ($r->method eq 'POST') { # allow no GET for now ...

SecSess/Cookie/URL.pm  view on Meta::CPAN


use Apache::SecSess::Cookie;
use Apache::SecSess::Wrapper;

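## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the generic cookie-session handler
our @ISA = qw(Apache::SecSess::Cookie);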

## validate (usually non-cookie) credentials used to authenticate user
##
## For this handler the credentials arrive in the query string, keyed by the
## authentication realm name; they are unwrapped and then passed through the
## same validateCredentials() path the cookie handlers use.
sub verifyIdentity {
	my($self, $r) = @_;
	my $log = $r->log;

	$log->debug(ref($self), "->verifyIdentity():");

	## the ciphertext rides in the query string under the realm name
	my %query = $r->args;
	my $ciphertext = $query{$self->authRealm};

	## NOTE(review): no presence check on the realm parameter before unwraphash
	## (getCredentials in SecSess/URL.pm returns early on a missing value);
	## whether validateCredentials tolerates an empty unwrap is not visible here
	my $urlcred = $self->{wrapper}->unwraphash($ciphertext);

	## validate URL credentials as we would at higher level
	return $self->validateCredentials($r, $urlcred);
}

1;

__END__
What are you looking at?

SecSess/Cookie/X509.pm  view on Meta::CPAN

use strict;

use Apache::SecSess::Cookie;

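## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the generic cookie-session handler
our @ISA = qw(Apache::SecSess::Cookie);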

## validate (usually non-cookie) credentials used to authenicate user
sub verifyIdentity {
	my $self = shift;
	my($r) = @_;
	my $log = $r->log;
	my($subr, $email, $uid);

    $log->debug(ref($self), "->verifyIdentity():");

	## resolve user ID from certificate DN email
	$subr = $r->lookup_uri($r->uri);

SecSess/Cookie/X509PIN.pm  view on Meta::CPAN

use strict;

use Apache::SecSess::Cookie;

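## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the generic cookie-session handler
our @ISA = qw(Apache::SecSess::Cookie);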

## validate (usually non-cookie) credentials used to authenicate user
sub verifyIdentity {
	my $self = shift;
	my($r) = @_;
	my $log = $r->log;
	my($subr, $email, $uid, %params, $pin, %args, $url, $form, $msg);

    $log->debug(ref($self), "->verifyIdentity():");

	## resolve user ID from certificate DN email
	$subr = $r->lookup_uri($r->uri);

SecSess/URL.pm  view on Meta::CPAN

use Apache::Constants qw(:common :response);
use Apache::SecSess;
use Apache::SecSess::Wrapper;

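## Package globals, declared with `our` instead of the obsolete `use vars`.
## The version string is pulled from the digits of the CVS release tag
## embedded in the q$...$ literal, giving "0.09" for this release.
our $VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));

## single inheritance from the base session handler
our @ISA = qw(Apache::SecSess);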

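## extract appropriate credentials from headers and decrypt contents
##
## Reads the ciphertext carried in the query-string parameter named after the
## authentication realm and returns whatever the wrapper unwraps from it.  When
## the parameter is absent it returns the string 'No URL credentials found.'
## instead, so callers must distinguish an error string from an unwrapped
## credential (the unwrapped value's shape is defined by the wrapper, not here).
sub getCredentials {
	my($self, $r) = @_;
	my $log = $r->log;

	## the original message named verifyIdentity, a copy/paste slip
	$log->debug(ref($self), "->getCredentials():");

	## extract ciphertext from URL; the realm name doubles as the parameter name
	my %args = $r->args;
	my $ctxt = $args{$self->authRealm};

	## defined/length rather than plain truth so a literal "0" is not treated
	## as an absent credential
	unless (defined $ctxt && length $ctxt) {
		return 'No URL credentials found.';
	}

	## NOTE(review): credentials in the query string can surface in access logs
	## and Referer headers; the only check applied here is whatever unwraphash does
	return $self->{wrapper}->unwraphash($ctxt);
}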

## validate (usually non-url) credentials used to authenticate user
##
## This handler never authenticates on its own, so the check is a no-op that
## always yields undef.  The explicit `return undef` is kept (rather than a bare
## `return`) so list-context callers still see a one-element list.
sub verifyIdentity {
	my($self) = @_;
	return undef;
}

## issue credentials
sub issueCredentials {
	my $self = shift;
	my($r) = @_;
	my $log = $r->log;
	my($uid, $realm, $ctxt, %args, $requrl, $idx, @chains, $chain, $url, $sep);
	my($backurl);

	$log->debug(ref($self), "->issueCredentials():");

	## form credentials as URL query string fragments
	$uid = $r->user;
	$realm = $self->authRealm;
	$ctxt = $self->{wrapper}->wraphash({
		uid => $uid,
		timestamp => time,
		qop => $self->sessQOP,
		authqop => $self->authQOP
	});

	## determine whether in (multi-host) chaining mode

demo/ht/adam.acme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/john.sec.acme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/lysander.acme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/milt.sec.acme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/noam.acme.org/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/stu.transacme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/ht/tom.acme.com/signout/timeout.html  view on Meta::CPAN

<& /index.comp, title => 'Session Timeout', content => $content &>

<%init>
my %messages = (
	idle => 
	'<b>Idle Timeout:</b> your session remained inactive for too long.',
	expire => 
	'<b>Expiration:</b> your session has expired.',
	notvalid => 
	'<b>No Longer Valid:</b> your session credentials are no longer valid.',
	unknown => 
	'<b>Unknown Reason.</b>'
);

my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
	<li> $messages{$type}
</ul>

demo/httpdconf/startup.pl  view on Meta::CPAN

	authRealm => 'Acme',
	cookieDomain => { 128 => 'stu.transacme.com' },
	authenURL => 'https://stu.transacme.com/authen',
	defaultURL => 'https://stu.transacme.com/chain',
	renewURL => 'https://stu.transacme.com/renew',
	timeoutURL => 'https://stu.transacme.com/signout/timeout.html',
	adminURL => 'https://stu.transacme.com/changeid',
	errorURL => 'http://stu.transacme.com/error.html'
);

## stu.transacme.com issue mangled-URL credentials based on stu cookies
$Acme::chain = Apache::SecSess::URL::Cookie->new(
	dbo => Apache::SecSess::DBI->new(
		dbifile => '/usr/local/apache/conf/private/dbilogin.txt'
	),
	secretFile => '/usr/local/apache/conf/private/ckysec.txt',
	lifeTime => 1440, idleTime => 60, renewRate => 5,
	sessQOP => 128, authQOP => 128,
	minSessQOP => 128, minAuthQOP => 128,
	authRealm => 'Acme',
	authenURL => 'https://stu.transacme.com/authen',

rfc/rfc2964.txt  view on Meta::CPAN

   Because such practices encourage users to defeat HTTP State
   Management mechanisms, they tend to reduce the effectiveness of HTTP
   State Management, and are therefore considered detrimental to the
   operation of the web.

2.2.2.  Use as an Authentication Mechanism

   It is generally inappropriate to use the HTTP State Management
   protocol as an authentication mechanism.  HTTP State Management is
   not designed with such use in mind, and safeguards for protection of
   authentication credentials are lacking in both the protocol
   specification and in widely deployed HTTP clients and servers.  Most
   HTTP sessions are not encrypted and "cookies" may therefore be
   exposed to passive eavesdroppers.  Furthermore, HTTP clients and
   servers typically store "cookies" in cleartext with little or no
   protection against exposure.  HTTP State Management therefore SHOULD




Moore & Freed            Best Current Practice                  [Page 4]
