THEN AS ROOT,
cd db; cp dbilogin.txt /usr/local/apache/conf/private
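NOTE: This path is hard-coded in startup.pl, so if you change it, you must
change it consistently everywhere. Since startup.pl loads dbilogin.txt as
the DBI login file, make sure the copy is not readable by ordinary users.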
5. Set up IP Aliasing.
The demo shows the transfer of credentials between different hosts. You
don't actually need separate physical hosts, if your machine supports IP
aliasing.
On Linux, if you have an old kernel (<2.4?), read the HOWTO on IP Aliasing.
Otherwise (newer Linux kernels), IP aliasing is automatic. Here is the
relevant fragment from my /etc/hosts:
## prototype web devel virtual hosts (some Libertarians)
192.168.1.11 adam.acme.com adam smith
192.168.1.12 lysander.acme.com lysander spooner
SecSess/Cookie/BasicAuth.pm view on Meta::CPAN
use Apache::Constants qw(:common :response);
use Apache::SecSess::Cookie;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess::Cookie);
## validate (usually non-cookie) credentials used to authenticate user
sub verifyIdentity {
my $self = shift;
my($r) = @_;
my $log = $r->log;
my($uid, $res, $pw, $msg);
$log->debug(ref($self), "->verifyIdentity():");
## read password and user id if present, bail otherwise
($res, $pw) = $r->get_basic_auth_pw;
SecSess/Cookie/LoginForm.pm view on Meta::CPAN
use strict;
use Apache::SecSess::Cookie;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess::Cookie);
## validate (usually non-cookie) credentials used to authenticate user
sub verifyIdentity {
my $self = shift;
my($r) = @_;
my $log = $r->log;
my(%params, $uid, $pw, %args, $url, $form, $msg);
$log->debug(ref($self), "->verifyIdentity():");
## is this the initial visit to the form?
unless ($r->method eq 'POST') { # allow no GET for now ...
SecSess/Cookie/URL.pm view on Meta::CPAN
use Apache::SecSess::Cookie;
use Apache::SecSess::Wrapper;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess::Cookie);
## validate (usually non-cookie) credentials used to authenticate user
## Authenticate a request from the wrapped credential carried in its URL
## query string.
##
## Arguments: the session object and the Apache request object $r.
## Returns whatever $self->validateCredentials($r, $credentials) returns.
##
## The ciphertext is the query-string parameter named after the auth realm.
## No check is made here that the parameter is present, so an absent
## parameter reaches unwraphash() as undef.
## NOTE(review): the parameter is supplied by the client; rejecting forged or
## stale values appears to be left to unwraphash()/validateCredentials() --
## confirm in those methods.
sub verifyIdentity {
    my ($self, $r) = @_;

    my $logger = $r->log;
    $logger->debug(ref($self), "->verifyIdentity():");

    ## pull the realm-named parameter out of the parsed query string
    my %query      = $r->args;
    my $realm      = $self->authRealm;
    my $ciphertext = $query{$realm};

    ## unwrap in scalar context, then apply the same checks used at the
    ## higher level
    my $credentials = $self->{wrapper}->unwraphash($ciphertext);
    return $self->validateCredentials($r, $credentials);
}
1;
__END__
What are you looking at?
SecSess/Cookie/X509.pm view on Meta::CPAN
use strict;
use Apache::SecSess::Cookie;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess::Cookie);
## validate (usually non-cookie) credentials used to authenticate user
sub verifyIdentity {
my $self = shift;
my($r) = @_;
my $log = $r->log;
my($subr, $email, $uid);
$log->debug(ref($self), "->verifyIdentity():");
## resolve user ID from certificate DN email
$subr = $r->lookup_uri($r->uri);
SecSess/Cookie/X509PIN.pm view on Meta::CPAN
use strict;
use Apache::SecSess::Cookie;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess::Cookie);
## validate (usually non-cookie) credentials used to authenticate user
sub verifyIdentity {
my $self = shift;
my($r) = @_;
my $log = $r->log;
my($subr, $email, $uid, %params, $pin, %args, $url, $form, $msg);
$log->debug(ref($self), "->verifyIdentity():");
## resolve user ID from certificate DN email
$subr = $r->lookup_uri($r->uri);
SecSess/URL.pm view on Meta::CPAN
use Apache::Constants qw(:common :response);
use Apache::SecSess;
use Apache::SecSess::Wrapper;
use vars qw(@ISA $VERSION);
$VERSION = sprintf("%d.%02d", (q$Name: SecSess_Release_0_09 $ =~ /\d+/g));
@ISA = qw(Apache::SecSess);
## extract appropriate credentials from headers and decrypt contents
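## Extract the wrapped credential from the request's query string and
## unwrap it.
##
## Arguments: the session object and the Apache request object $r.
## Returns the string 'No URL credentials found.' when the realm-named
## query parameter is absent or false; otherwise returns the result of
## $self->{wrapper}->unwraphash() on that parameter.
## NOTE(review): callers therefore receive either a plain string or the
## unwrapped value and must tell the two apart -- confirm how the caller
## does so.
sub getCredentials {
    my $self = shift;
    my ($r) = @_;
    my $log = $r->log;

    ## The trace used to say "->verifyIdentity():" here, which made debug
    ## logs attribute credential extraction to the wrong method.
    $log->debug(ref($self), "->getCredentials():");

    ## extract ciphertext from URL; the parameter name is the auth realm
    my %args = $r->args;
    my $ctxt = $args{$self->authRealm};
    unless ($ctxt) { return 'No URL credentials found.'; }

    ## the value is client-supplied; unwraphash() is the only processing
    ## it gets in this method
    return $self->{wrapper}->unwraphash($ctxt);
}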
## validate (usually non-url) credentials used to authenticate user
## Identity-verification hook for this class: performs no check and always
## returns undef.
## NOTE(review): presumably undef means there is no separate identity step
## for URL sessions -- confirm against the caller.
sub verifyIdentity {
    my ($self) = @_;

    ## explicit undef (not a bare return), so a list-context caller still
    ## receives a one-element list
    return undef;
}
## issue credentials
sub issueCredentials {
my $self = shift;
my($r) = @_;
my $log = $r->log;
my($uid, $realm, $ctxt, %args, $requrl, $idx, @chains, $chain, $url, $sep);
my($backurl);
$log->debug(ref($self), "->issueCredentials():");
## form credentials as URL query string fragments
$uid = $r->user;
$realm = $self->authRealm;
$ctxt = $self->{wrapper}->wraphash({
uid => $uid,
timestamp => time,
qop => $self->sessQOP,
authqop => $self->authQOP
});
## determine whether in (multi-host) chaining mode
demo/ht/adam.acme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/john.sec.acme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/lysander.acme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/milt.sec.acme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/noam.acme.org/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/stu.transacme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/ht/tom.acme.com/signout/timeout.html view on Meta::CPAN
<& /index.comp, title => 'Session Timeout', content => $content &>
<%init>
my %messages = (
idle =>
'<b>Idle Timeout:</b> your session remained inactive for too long.',
expire =>
'<b>Expiration:</b> your session has expired.',
notvalid =>
'<b>No Longer Valid:</b> your session credentials are no longer valid.',
unknown =>
'<b>Unknown Reason.</b>'
);
my $content = <<"ENDCONTENT";
<font color="#f42424" size=5>Session Timeout.</font><p>
Your login session has timed out due to the following reason:
<ul>
<li> $messages{$type}
</ul>
demo/httpdconf/startup.pl view on Meta::CPAN
authRealm => 'Acme',
cookieDomain => { 128 => 'stu.transacme.com' },
authenURL => 'https://stu.transacme.com/authen',
defaultURL => 'https://stu.transacme.com/chain',
renewURL => 'https://stu.transacme.com/renew',
timeoutURL => 'https://stu.transacme.com/signout/timeout.html',
adminURL => 'https://stu.transacme.com/changeid',
errorURL => 'http://stu.transacme.com/error.html'
);
## stu.transacme.com issue mangled-URL credentials based on stu cookies
$Acme::chain = Apache::SecSess::URL::Cookie->new(
dbo => Apache::SecSess::DBI->new(
dbifile => '/usr/local/apache/conf/private/dbilogin.txt'
),
secretFile => '/usr/local/apache/conf/private/ckysec.txt',
lifeTime => 1440, idleTime => 60, renewRate => 5,
sessQOP => 128, authQOP => 128,
minSessQOP => 128, minAuthQOP => 128,
authRealm => 'Acme',
authenURL => 'https://stu.transacme.com/authen',
rfc/rfc2964.txt view on Meta::CPAN
Because such practices encourage users to defeat HTTP State
Management mechanisms, they tend to reduce the effectiveness of HTTP
State Management, and are therefore considered detrimental to the
operation of the web.
2.2.2. Use as an Authentication Mechanism
It is generally inappropriate to use the HTTP State Management
protocol as an authentication mechanism. HTTP State Management is
not designed with such use in mind, and safeguards for protection of
authentication credentials are lacking in both the protocol
specification and in widely deployed HTTP clients and servers. Most
HTTP sessions are not encrypted and "cookies" may therefore be
exposed to passive eavesdroppers. Furthermore, HTTP clients and
servers typically store "cookies" in cleartext with little or no
protection against exposure. HTTP State Management therefore SHOULD
Moore & Freed Best Current Practice [Page 4]