Apache2-AuthenNTLM
AuthenNTLM.pm
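use IPC::SysV qw(IPC_CREAT S_IRWXU SEM_UNDO);
use IPC::Semaphore;

# Acquire a cross-process lock backed by a SysV semaphore.
# The returned object holds the lock until it is destroyed.
sub lock
{
    my $class = shift ;
    my $key   = shift ;
    my $debug = shift ;

    my $self = bless {debug => $debug}, $class ;
    # S_IRWXU restricts access to the semaphore to its owning user.
    $self->{sem} = IPC::Semaphore->new($key, 1,
        IPC_CREAT | S_IRWXU) or die "Cannot create semaphore with key $key ($!)" ;

    # Atomically wait until the semaphore is 0, then raise it to 1.
    # SEM_UNDO makes the kernel undo the change if the process exits.
    $self->{sem}->op(0, 0, SEM_UNDO,
                     0, 1, SEM_UNDO);
    print STDERR "[$$] AuthenNTLM: enter lock\n" if ($self -> {debug}) ;
    return $self ;
}

# Release the lock when the lock object goes out of scope.
sub DESTROY
{
    my $self = shift;

    $self->{sem}->op(0, -1, SEM_UNDO);
    print STDERR "[$$] AuthenNTLM: leave lock\n" if ($self -> {debug}) ;
}

1 ;

__END__
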
=head1 NAME

Apache2::AuthenNTLM - Perform Microsoft NTLM and Basic User Authentication

=head1 SYNOPSIS

    <Location />
    PerlAuthenHandler Apache2::AuthenNTLM
    AuthType ntlm,basic
    AuthName test
    require valid-user

    #                    domain             pdc                bdc
    PerlAddVar ntdomain "name_domain1   name_of_pdc1"
    PerlAddVar ntdomain "other_domain   pdc_for_domain    bdc_for_domain"

    PerlSetVar defaultdomain wingr1
    PerlSetVar splitdomainprefix 1
    PerlSetVar ntlmdebug 1
    </Location>

=head1 DESCRIPTION

The purpose of this module is to perform user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preference
settings, IE will supply your Windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user from typing in
his/her password again.

The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back an MD4 hash, which is built from the user's password
and the nonce. This makes sure that no password goes over the wire in plain text.

The main advantage of the Perl implementation is that it can be easily extended
to verify the user/password against sources other than a Windows domain controller.
The default implementation is to go to the domain controller for the given domain
and verify the user. If you want to verify the user against another source, you
can inherit from Apache2::AuthenNTLM and override its methods.

To support users that aren't using Internet Explorer, Apache2::AuthenNTLM can
also perform basic authentication depending on its configuration.

B<IMPORTANT:> NTLM authentication works only when KeepAlive is on. (If you have set ntlmdebug 2, and see that there is no return message (type 3), check your httpd.conf file for "KeepAlive Off". If KeepAlive Off, then change it to KeepAlive On, re...

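To check for the missing type 3 message described above without reading debug output by eye, the following added example (not code from Apache2::AuthenNTLM) decodes the NTLM token in each client Authorization header and lists the connections on which a type 1 message was never followed by a type 3 message. The function names, connection ids and sample tokens are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Return the NTLMSSP message type (1 = negotiate, 2 = challenge,
# 3 = authenticate) of a header value, or 0 if it is not an NTLM token.
sub ntlm_message_type {
    my ($value) = @_;
    return 0 unless defined $value
        && $value =~ m!^\s*NTLM\s+([A-Za-z0-9+/]+={0,2})\s*$!;
    my $raw = decode_base64($1);
    return 0 if length($raw) < 12;              # signature (8) + type (4)
    my ($sig, $type) = unpack('a8 V', $raw);    # type is a little-endian uint32
    return 0 unless $sig eq "NTLMSSP\0";
    return ($type >= 1 && $type <= 3) ? $type : 0;
}

# Input: [connection_id, Authorization header value] pairs in arrival order.
# Output: sorted ids of connections that sent type 1 but never type 3.
sub connections_missing_type3 {
    my (@requests) = @_;
    my %state;                                  # connection id => last type seen
    for my $req (@requests) {
        my ($conn, $header) = @$req;
        my $type = ntlm_message_type($header) or next;   # skip non-NTLM headers
        if ($type == 1) {
            $state{$conn} = 1;
        }
        elsif ($type == 3 && ($state{$conn} || 0) == 1) {
            $state{$conn} = 3;
        }
    }
    my @incomplete = grep { $state{$_} == 1 } keys %state;
    return sort @incomplete;
}

# Constructed sample tokens: valid signature and type, zeroed bodies.
my $type1 = 'NTLM ' . encode_base64(pack('a8 V V', "NTLMSSP\0", 1, 0), '');
my $type3 = 'NTLM ' . encode_base64(pack('a8 V', "NTLMSSP\0", 3) . "\0" x 52, '');

my @requests = (
    [ 'conn-A', $type1 ], [ 'conn-A', $type3 ],   # both messages on one connection
    [ 'conn-B', $type1 ], [ 'conn-C', $type3 ],   # type 3 arrives on a new connection
    [ 'conn-D', 'Basic dXNlcjpwYXNz' ],           # basic auth, not an NTLM token
);

print "no type 3 message on: $_\n" for connections_missing_type3(@requests);
```

With the constructed input only conn-B is reported, which is the pattern to expect when the server closes the connection between the two client messages.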
=head1 CONFIGURATION

=head2 AuthType

Set the type of authentication. Can be either "basic", "ntlm"
or "ntlm,basic" for doing both.

=head2 AuthName

Set the realm for basic authentication.

=head2 require valid-user

Necessary to tell Apache to require user authentication at all. Can also
be used to allow only some users, e.g.

    require user foo bar

Note that Apache2::AuthenNTLM does not perform any authorization, if
the require xxx is executed by Apache itself. Alternatively you can
use another (Perl-)module to perform authorization.

=head2 PerlAddVar ntdomain "domain pdc bdc"

This is used to create a mapping between a domain and both a pdc and bdc for
that domain. Domain, pdc and bdc must be separated by a space. You can
specify mappings for more than one domain.

NOTE FOR WINDOWS ACTIVE DIRECTORY USERS: You must specify the DOMAIN for
the pdc and/or bdc. Windows SMB servers will not accept an IP address in dotted
quad form. For example, the SPEEVES domain pdc has an IP address of 192.168.0.2.
If you enter the ntdomain as:

    PerlAddVar ntdomain 192.168.0.2

Then you will never be able to authenticate to the remote server correctly,
and you will receive a "Can not get NONCE" error in the error_log. You must
specify it as: