Re: Apache 2.4 Authentication/Authorization

2019-05-16 Thread Michael Schout
gs work in 2.4. your authz_user() will be called (up to) two times. 1. Before authentication where $r->user is not set. The purpose of this is to allow you to handle *anonymous* authorization. You can return AUTHZ_GRANTED here and no authentication will happen at all I believe

Re: Apache 2.4 Authentication/Authorization

2019-05-16 Thread Adam Prime
seems that the only way to achieve what I want (and which in my views matches the 2.4 general AAA logic), would be to let the authentication method return Apache2::Const::OK, /even if the user is not authenticated/ by the configured authentication method. 2) from https://metacpan.org/pod

Re: Apache 2.4 Authentication/Authorization

2019-05-16 Thread tomcat
hieve what I want (and which in my views matches the 2.4 general AAA logic), would be to let the authentication method return Apache2::Const::OK, /even if the user is not authenticated/ by the configured authentication method. 2) from https://metacpan.org/pod/distribution/Apache-AuthCookie/REA

Apache 2.4 Authentication/Authorization

2019-05-15 Thread tomcat
Hi. I am trying to figure out what Apache2::Const return codes /can/ be returned by a mod_perl /authentication/ method under Apache 2.4+, and what consequences each of these return codes has, in terms of what Apache does next. (And also, where to find a commented list of the Apache "A

Re: Reporting bug on Apache::AuthDBI module - No authentication done

2016-10-09 Thread Wieger Opmeer
protected by Apache::AuthDBI, I get an error "No authentication done but request not allowed without authentication for /rwm/rkm/wiki/index.html. Authentication not configured?" The error appear when I try to access / while it is internally resolved into index.php thanks to "

Re: Looking for solution to Apache2::AuthCookieDBI authentication on Apache > 2.4

2016-08-30 Thread Michael Schout
On 8/24/16 7:40 AM, Tosh Cooey wrote: > Hi, I've taken a stab at updating Apache2::AuthCookieDBI myself as per: > > http://search.cpan.org/~mschout/Apache-AuthCookie/README.apache-2.4.pod > > I've changed the parent of Apache2::AuthCookieDBI to > Apache2_4::AuthCookie but that doesn't seem to wor

Re: Looking for solution to Apache2::AuthCookieDBI authentication on Apache > 2.4

2016-08-29 Thread Tosh Cooey
14:40:43 +0200 Tosh Cooey wrote: Am I barking up the wrong tree? Doing something completely wrong? Is there anybody with knowledge and experience with the 2.4 authentication API that I could hire to update Apache2::AuthCookieDBI? Thanks for any insight, No insight, but I registered a ticket for

Re: Looking for solution to Apache2::AuthCookieDBI authentication on Apache > 2.4

2016-08-24 Thread tomcat
PerlResponseHandler Apache2::AuthCookieDBI->login Am I barking up the wrong tree? Doing something completely wrong? Is there anybody with knowledge and experience with the 2.4 authentication API that I could hire to update Apache2::AuthCookieDBI? Thanks for any insight, Tosh

Re: Looking for solution to Apache2::AuthCookieDBI authentication on Apache > 2.4

2016-08-24 Thread Vegard Vesterheim
On Wed, 24 Aug 2016 14:40:43 +0200 Tosh Cooey wrote: > Am I barking up the wrong tree? Doing something completely wrong? Is > there anybody with knowledge and experience with the 2.4 > authentication API that I could hire to update Apache2::AuthCookieDBI? > > Thanks for any insig

Looking for solution to Apache2::AuthCookieDBI authentication on Apache > 2.4

2016-08-24 Thread Tosh Cooey
okieDBI AuthName berlin3 SetHandler perl-script PerlResponseHandler Apache2::AuthCookieDBI->login Am I barking up the wrong tree? Doing something completely wrong? Is there anybody with knowledge and experience with the 2.4 authentication API that I could hire to updat

Reporting bug on Apache::AuthDBI module - No authentication done

2016-05-30 Thread dcoutadeur
trying to access a context on a directory protected by Apache::AuthDBI, I get an error "No authentication done but request not allowed without authentication for /rwm/rkm/wiki/index.html. Authentication not configured?" The error appear when I try to access / while it is internally res

Re: Mod Perl and Basic Authentication

2016-03-12 Thread Matthias Schmitt
Hello, Yes! There is one very magic line in your code, which solved my problem. It is this line: $r->err_headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"’); I always used: $r->headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"’); When digging into the documentation one

Re: Mod Perl and Basic Authentication

2016-03-08 Thread Thomas den Braber
If the resource is not public and the user is not authenticated yet, you can add the 'WWW-Authenticate' http header and return the Apache2::Const::HTTP_UNAUTHORIZED status. This will trigger the browser to show the login dialog. You can also create a cookie and a session table in a database and ch

Re: Mod Perl and Basic Authentication

2016-03-03 Thread Matthias Schmitt
Hello, > On 02 Mar 2016, at 21:26, A. Warnier wrote: > >> $o_Req->note_basic_auth_failure(); >> $o_Req->headers_out->set('WWW-Authenticate' => "Basic"); >> $o_Req->headers_out->set('Realm' => "Login"); > > I believe that the above is supposed to be a single HTTP header, not 2 : > > WWW-Authent

Re: Mod Perl and Basic Authentication

2016-03-02 Thread Vincent Veyron
On Wed, 2 Mar 2016 17:53:39 +0100 Matthias Schmitt wrote: > I am trying to handle basic authentication using mod_perl 2.0.9 and Apache > 2.4.18. > > > BTW, the same Programm runs fine using mod_perl 2.0.6 and Apache 2.2.x. I don't use basic authentication myself so can

Re: Mod Perl and Basic Authentication

2016-03-02 Thread A. Warnier
On 02.03.2016 17:53, Matthias Schmitt wrote: Hello, I am trying to handle basic authentication using mod_perl 2.0.9 and Apache 2.4.18. I am getting the first request to my resource. The user is requesting the URL without any username or password. My program should refuse the access to this

Mod Perl and Basic Authentication

2016-03-02 Thread Matthias Schmitt
Hello, I am trying to handle basic authentication using mod_perl 2.0.9 and Apache 2.4.18. I am getting the first request to my resource. The user is requesting the URL without any username or password. My program should refuse the access to this resource and force the web browser to offer a

Dynamically setting Domain during authentication while using Apache2::AuthCookieDBI

2015-09-16 Thread Tosh Cooey
I need an auth cookie to be valid across all subdomains I have, so it makes sense to set the cookie domain to .domain.com However setting that in the Apache config via: PerlSetVar MyDomain .domain.com Isn't what I need since I want to be able to use: domain2.com domain3.com etc depending on w

Re: Perl Authorization handler called before authentication handler

2015-06-26 Thread Jie Gao
* Lathan Bidwell wrote: > Date: Fri, 12 Sep 2014 12:14:35 -0400 > From: Lathan Bidwell > To: modperl@perl.apache.org > Subject: Perl Authorization handler called before authentication handler Not sure if you still need this, but my findings are it is the correct behaviour under

Re: Perl Authorization handler called before authentication handler

2014-09-14 Thread Lathan Bidwell
>On Fri, Sep 12, 2014 at 02:25:49PM -0400, Lathan Bidwell wrote: > >> The documentation for the AuthType field does not seem to give examples > for > >> custom auth handlers. > >> > >> The AuthType I put in is the package name that has the auth subroutines > in > >> it. > >> > >> This is pulled fr

Re: Perl Authorization handler called before authentication handler

2014-09-12 Thread 'lesleyb'
mbers" > > > > > > Require membersuser testing123 > > > > > > > > > > > > But for some reason, my authorize24 subroutine is being called before my > > > authenticate24 subroutine. > > > > > > I

Re: Perl Authorization handler called before authentication handler

2014-09-12 Thread Lathan Bidwell
t; > But for some reason, my authorize24 subroutine is being called before my > > authenticate24 subroutine. > > > > I have simplified those 2 subroutines down to printing debugging info to > > the error log, (the authen sub sets $r->user('testing')), but I

Re: Perl Authorization handler called before authentication handler

2014-09-12 Thread Lathan Bidwell
1) I am sure that the subroutine is called, because I have warn statements in each subroutine. I can see in the log that authorization24 is called before authentication24. 2) The url I've been testing is /services/jacl/members/hi.html @DirectoryMatch: hm, I suppose it might be slightly faster, bu

Re: Perl Authorization handler called before authentication handler

2014-09-12 Thread 'lesleyb'
ave simplified those 2 subroutines down to printing debugging info to > the error log, (the authen sub sets $r->user('testing')), but I cannot > figure out why the handlers are called in the wrong order. Summary: Hazarding a complete guess : Wrong syntax? AuthType "

Re: Perl Authorization handler called before authentication handler

2014-09-12 Thread André Warnier
Lathan Bidwell wrote: I have looked all around apache's documentation on how to upgrade from 2.2 to 2.4, but they don't include much about using PerlAddAuthzProvider or PerlAuthenHandler. I have this config section: PerlAddAuthzProvider membersuser Application::User::Members->authorize24

Perl Authorization handler called before authentication handler

2014-09-12 Thread Lathan Bidwell
I have looked all around apache's documentation on how to upgrade from 2.2 to 2.4, but they don't include much about using PerlAddAuthzProvider or PerlAuthenHandler. I have this config section: PerlAddAuthzProvider membersuser Application::User::Members->authorize24 DirectoryIndex disab

Re: Authorization without Authentication?

2014-08-03 Thread André Warnier
Mark jensen wrote: Thanks I guess your answer will work for me if I have only static IPs but what I have suggested is an example, my DB or DNS zone is changing dynamically, can mod_perl deal with them as a DB? sub Handler { my $r = shift; my $c = $r->connection; my $user = $c->remot

RE: Authorization without Authentication?

2014-08-03 Thread Mark jensen
Thanks I guess your answer will work for me if I have only static IPs but what I have suggested is an example, my DB or DNS zone is changing dynamically, can mod_perl deal with them as a DB?

Re: Authorization without Authentication?

2014-08-03 Thread André Warnier
Mark jensen wrote: I have seen this link: http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler and as it said: This phase requires a successful authentication from the previous phase, because a username is needed in order to decide whether a user is authorized to access

Authorization without Authentication?

2014-08-03 Thread Mark jensen
I have seen this link: http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler and as it said: This phase requires a successful authentication from the previous phase, because a username is needed in order to decide whether a user is authorized to access the requested resource

Optional authentication / dynamic Require

2013-11-16 Thread Marius Gavrilescu
($r->user && is_admin $r->user) } } } DECLINED } However, apache2 asks for authentication for access to any subdirectory (because of the Require directive), and denies access if the user does not provide valid credentials. One i

Re: Building mod_perl for authentication

2011-10-12 Thread Dave Hodgkinson
On 12 Oct 2011, at 04:06, Fred Moyer wrote: > You should be able to run 5.14.1 with 2.06-dev available on > http://perl.apache.org. > > If that doesn't work, I'd suggest posting your handlers to this list. > > Looking at that symbol error though, it suggests that you may have > built mod_perl w

Re: Building mod_perl for authentication

2011-10-11 Thread Fred Moyer
, which > seemed to do everything I need OK.  That led me to remove ./site_perl/5.14.1 > altogether, so at least I'm able to run Apache version 2.2.21 with Perl 5.12.4 > and mod_perl 2.0.5. > > However authentication still doesn't work.  When I call $r->user in my &g

Building mod_perl for authentication

2011-10-08 Thread Dan Axtell
2.0.5. However authentication still doesn't work. When I call $r->user in my authenticaion script for a URL that uses basic authentication, I don't get the login pop-up at all, and $r->user returns a value of ' (single quote) when I run make test in mod_perl, the logs sho

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-17 Thread Adam Prime
On 7/17/2011 1:16 AM, Phil Van wrote: Back to Vincent's original request about session id and login: how secure is your session id? Have you signed it? If not, someone can try to sending random IDs and break your authentication. Well, if you sign it and sign it properly, you basically e

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-17 Thread Vincent Veyron
Le samedi 16 juillet 2011 à 22:16 -0700, Phil Van a écrit : > Back to Vincent's original request about session id and login: > (if you are using https, then all the above procedures do not matter) > It's via https, yes. > The second idea is that you may not need to store session on the > serve

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-17 Thread Vincent Veyron
Le samedi 16 juillet 2011 à 21:06 -0400, Perrin Harkins a écrit : > On Sat, Jul 16, 2011 at 1:01 PM, Vincent Veyron wrote: > To serialize your session to a string, you can do something like this: > use Storable qw(nfreeze); > $serialized = nfreeze \%session; > I see the light! Thanks a bunch f

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-16 Thread Phil Van
Back to Vincent's original request about session id and login: how secure is your session id? Have you signed it? If not, someone can try to sending random IDs and break your authentication. Well, if you sign it and sign it properly, you basically end up with the same idea in those &q

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-16 Thread Perrin Harkins
On Sat, Jul 16, 2011 at 1:01 PM, Vincent Veyron wrote: > As I said, I replaced the call to tie with : > > $r->pnotes('session' => Storable::retrieve($session_file)); > > where $session_file again is retrieved from the cookie. > > What I can't find out is : how do I store %session into a database >

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-16 Thread Vincent Veyron
Le vendredi 15 juillet 2011 à 17:59 -0400, Perrin Harkins a écrit : > I think you're misunderstand. Storable doesn't do this for you. The > idea is you could capture the session in a variable and write that to > a database. > Let me explain; I used to do : tie %session, 'Apache::Session::Po

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-15 Thread Perrin Harkins
On Thu, Jul 14, 2011 at 3:15 PM, Vincent Veyron wrote: > OK, I must have missed it in the doc, I'll look again. I think you're misunderstand. Storable doesn't do this for you. The idea is you could capture the session in a variable and write that to a database. If you'd rather not roll your ow

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-14 Thread Vincent Veyron
Le jeudi 14 juillet 2011 à 13:02 -0400, Michael Peters a écrit : > On 07/14/2011 12:57 PM, Vincent Veyron wrote: > > Also, I did not find how to store a hash in the database without tie. I > > read it's possible to use Data::Dumper to write the data in a field and > > read it as Perl code. Would t

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-14 Thread Michael Peters
On 07/14/2011 12:57 PM, Vincent Veyron wrote: This is what I first did, using Apache::Session. But I noticed the call to tie was very slow (response time around 70ms with it, 15ms without it), so I changed for Storable because filesystem reads were much faster. I don't personally like Apache::

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-14 Thread Vincent Veyron
Le jeudi 14 juillet 2011 à 11:34 -0400, Perrin Harkins a écrit : > On Thu, Jul 14, 2011 at 11:21 AM, Vincent Veyron wrote: > > Could you explain (very briefly) how clustering prevents file storage of > > a session? > > A cluster in this case means multiple servers, so they don't share a > filesys

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-14 Thread Perrin Harkins
On Thu, Jul 14, 2011 at 11:21 AM, Vincent Veyron wrote: > Could you explain (very briefly) how clustering prevents file storage of > a session? A cluster in this case means multiple servers, so they don't share a filesystem. There are ways to share files of course, but the common solution is to

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-14 Thread Vincent Veyron
Le mercredi 13 juillet 2011 à 13:19 -0400, Perrin Harkins a écrit : > On Tue, Jul 12, 2011 at 8:45 AM, Vincent Veyron wrote: > > -Is there anything wrong with my process? > > If it's working for you, then it sounds fine. Needing to invoke > mod_perl on every hit could be bad if you're trying to

Re: Authentication logic [was: Changing browser URL based on condition]

2011-07-13 Thread Perrin Harkins
On Tue, Jul 12, 2011 at 8:45 AM, Vincent Veyron wrote: > -Is there anything wrong with my process? If it's working for you, then it sounds fine. Needing to invoke mod_perl on every hit could be bad if you're trying to protect a lot of otherwise static pages, but it doesn't sound like you are. T

Authentication logic [was: Changing browser URL based on condition]

2011-07-12 Thread Vincent Veyron
Hi list, In a recent thread, this exchange took place : Le lundi 11 juillet 2011 à 21:54 +0200, André Warnier a écrit : > Szekeres, Edward wrote: > > It seems to be just an attempt to do what is already done in > > Apache2::AuthCookie (CPAN), which encapsulates a server side

Re: Using add_config to trigger authentication

2011-03-23 Thread Andrew Green
Hi all, On 23 Mar 2011, at 20:38, I wrote: > Actually, even the following causes a segfault: > > $r->push_handlers(PerlMapToStorageHandler => Apache2::Const::DECLINED); Nope, I'm wrong -- that segfaults if I call it from a PerlPostReadRequestHandler, but not from a PerlTransHandler. I'd moved

Re: Using add_config to trigger authentication

2011-03-23 Thread Andrew Green
Hi Torsten, On 23 Mar 2011, at 15:02, Torsten Förtsch wrote: >> Interestingly, adding a PerlMapToStorageHandler caused a segfault > > Does your code by chance return Apache2::Const::OK? If so, try to change it > to > DECLINED. Actually, even the following causes a segfault: $r->push_handlers

Re: Using add_config to trigger authentication

2011-03-23 Thread Torsten Förtsch
On Wednesday, March 23, 2011 15:26:48 Andrew Green wrote: > Interestingly, adding a PerlMapToStorageHandler caused a segfault Does your code by chance return Apache2::Const::OK? If so, try to change it to DECLINED. A PerlMapToStorageHandler returning OK prevents the core map2storage handler to be

Re: Using add_config to trigger authentication

2011-03-23 Thread Andrew Green
Hi, On 23 Mar 2011, at 13:42, Torsten Förtsch wrote: >> I'm putting together a mp2 application where I'd like to trigger >> authentication from within a PerlTransHandler, and not from httpd.conf. > > This won't work in a PerlTransHandler because between tran

Re: Using add_config to trigger authentication

2011-03-23 Thread Torsten Förtsch
On Wednesday, March 23, 2011 14:24:11 Andrew Green wrote: > I'm putting together a mp2 application where I'd like to trigger > authentication from within a PerlTransHandler, and not from httpd.conf. > > As I understand it, the following should work: > > - &

Using add_config to trigger authentication

2011-03-23 Thread Andrew Green
Hi all, I'm putting together a mp2 application where I'd like to trigger authentication from within a PerlTransHandler, and not from httpd.conf. As I understand it, the following should work: - use Apache2::RequestUtil (); $r->add_config(['require valid-user'

Re: http-authentication on postgresql

2011-03-23 Thread Perrin Harkins
Have you tried loading Apache::AuthDBI first? It looks confused about where to find the sub you specified. - Perrin On Tue, Mar 22, 2011 at 11:37 AM, Michel Jansen wrote: > > The Apache::AuthDBI package has changed Checkout the errors below! > > [Tue Mar 22 16:35:50 2011] [error] [client 19

Re: http-authentication on postgresql

2011-03-22 Thread Michel Jansen
Op 22-3-2011 18:59, Fred Moyer schreef: What version are you using? I'll take a look at this later today if I can find a spare tuit. The lastest from cpan!

Re: http-authentication on postgresql

2011-03-22 Thread Fred Moyer
What version are you using? I'll take a look at this later today if I can find a spare tuit. On Tue, Mar 22, 2011 at 8:37 AM, Michel Jansen wrote: > The Apache::AuthDBI package has changed Checkout the errors below! > > [Tue Mar 22 16:35:50 2011] [error] [client 192.168.112.1] failed to reso

Re: http-authentication on postgresql

2011-03-22 Thread Michel Jansen
The Apache::AuthDBI package has changed Checkout the errors below! [Tue Mar 22 16:35:50 2011] [error] [client 192.168.112.1] failed to resolve handler `Apache::AuthDBI::authen': Can't locate Apache/AuthDBI/authen.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/sh

Re: http-authentication on postgresql

2011-03-22 Thread Dave Hodgkinson
Can you give us a hint as to what the errors are? On 22 Mar 2011, at 15:10, Michel Jansen wrote: > Hi There, > > I have some troubles with the http-authentication using apache2 in > combination with postgresql. I used to do it with Apache::AuthenDBI > configuring access.conf i

http-authentication on postgresql

2011-03-22 Thread Michel Jansen
Hi There, I have some troubles with the http-authentication using apache2 in combination with postgresql. I used to do it with Apache::AuthenDBI configuring access.conf in the following way: --- AuthName MyDB AuthType Basic PerlAuthenHandler Apache::AuthDBI::authen

Re: Authentication and cookies

2011-01-27 Thread Joe Schaefer
mod_perl list > Sent: Sun, January 23, 2011 3:09:01 PM > Subject: Re: Authentication and cookies > > Hi. > > This is a suggestion to solve what I understand of your problem, but > slightly >differently. > (And I admit that it is because I do not know if you can do

Re: Authentication and cookies

2011-01-23 Thread André Warnier
t more complicated than that, because Web AAA is quite spaghetti-like in terms of logic. But that, I suppose, you have already found out. Dan Axtell wrote: I'm trying to upgrade mod_perl authentication/authorization handlers for application menu to be more fine-grained by using cookie

Authentication and cookies

2011-01-21 Thread Dan Axtell
I'm trying to upgrade mod_perl authentication/authorization handlers for application menu to be more fine-grained by using cookies. The basic idea is - restrict a script alias in httpd.conf with basic authentication calling the custon handlers - validate the user ID/password i

Re: Authentication handlers in a proxy setting

2010-03-31 Thread Dan Axtell
> > To do access control for static files while still using your mod_perl > auth handler, take a look at mod_auth_tkt or perlbal. > Thanks!

Re: Authentication handlers in a proxy setting

2010-03-29 Thread Fred Moyer
On Mon, Mar 29, 2010 at 4:24 AM, Dan Axtell wrote: > server on the back end.  It seems like a lot of overhead to have mod_perl on > the front end purely for authentication; I might as well keep the monolithic > configuration I have now.  Thanks for the input, though, it helps clarify

Re: Authentication handlers in a proxy setting

2010-03-29 Thread Perrin Harkins
On Sun, Mar 28, 2010 at 3:41 PM, Dan Axtell wrote: > What I don't understand is what to do about static directories that want to > use the handlers via Directory directive, or via a local .htdocs file.  Does > any such directory need to be forwarded to the dynamic server in order to then > call th

Re: Authentication handlers in a proxy setting

2010-03-29 Thread Dan Axtell
> > It would be more logical to do the authentication on the front-end > server. Then, if the back-end server needs the result of the > authentication, you could add an appropriate HTTP header (with the > user-id and maybe more stuff) to the request, before proxying it to the &g

Re: Authentication handlers in a proxy setting

2010-03-28 Thread André Warnier
Dan Axtell wrote: Hi, I wrote some mod_perl handlers for authentication and authorization, basically to set cookies and check user roles. I use them for both static and dynamic content from Perl scripts. I'm looking into splitting Apache into two servers, one optimized for static co

Authentication handlers in a proxy setting

2010-03-28 Thread Dan Axtell
Hi, I wrote some mod_perl handlers for authentication and authorization, basically to set cookies and check user roles. I use them for both static and dynamic content from Perl scripts. I'm looking into splitting Apache into two servers, one optimized for static content and acting

WAS: A better way to handle multiple client authentication? AND ALSO: Dynamically setting PerlVars in Apache per-request

2009-12-03 Thread Tosh Cooey
goes to http://www.site.com/clientA and is presented with a login screen which is triggered by an .htaccess file in a directory called /clientA. The .htaccess file directs Apache to perform DBI-based authentication using Apache2::AuthCookieDBI. PerlSetVar AuthDBI_DSN DBI:mysql:clientA This

Re: A better way to handle multiple client authentication?

2009-11-21 Thread William T
The documentation alludes to the variable 'pwd_whereclause'. If this variable is set it will be used in the passwd query. I would try and set it per client so that the query gets an additional where clause: SELECT pwd_field FROM pwd_table WHERE uid_field = user AND client = clientA

A better way to handle multiple client authentication?

2009-11-21 Thread Tosh Cooey
/clientA. The .htaccess file directs Apache to perform DBI-based authentication using Apache::AuthDBI. PerlSetVar Auth_DBI_data_source DBI:mysql:clientA This works great, but I am aware of the limitations and I would like to set up some rules in the Apache config that accomplish this all without

Re: Authentication handler

2008-12-18 Thread Bruce Johnson
On Dec 18, 2008, at 3:31 PM, André Warnier wrote: Bruce Johnson wrote: I'm looking at the code at the modperl.com site <http://www.modperl.com/book/chapters/ch6.html > ('Authenticating against a database') as I need to write an authentication handler for our site.

Re: Authentication handler

2008-12-18 Thread André Warnier
Bruce Johnson wrote: I'm looking at the code at the modperl.com site <http://www.modperl.com/book/chapters/ch6.html> ('Authenticating against a database') as I need to write an authentication handler for our site. This is part of the sample code: # file: Apache/GateKeep

Authentication handler

2008-12-18 Thread Bruce Johnson
I'm looking at the code at the modperl.com site <http://www.modperl.com/book/chapters/ch6.html > ('Authenticating against a database') as I need to write an authentication handler for our site. This is part of the sample code: # file: Apache/GateKeeper.pm use strict; use

Re: [MP2] [QUESTION] authentication modules (reuse of mod_auth_basic, mod_auth_digest, mod_auth_ntlm) and cookies

2008-01-30 Thread Rolf Schaufelberger
for the next > requests (I would write this last module in Perl) > > > The indirect question (good luck ;)) > > I am currently working on a project to develop a server hosting HTTP > applications developed with different technologies and I am in charge of > the session mana

Re: [MP2] [QUESTION] authentication modules (reuse of mod_auth_basic, mod_auth_digest, mod_auth_ntlm) and cookies

2008-01-30 Thread Torsten Foertsch
kie generates a valid > cookie Sorry, but I haven't really understood what you are trying to achieve. I assume you understand the difference between authentication and authorization and how they work together. If not try to figure that out first. 1) Perhaps you want to replace a s

Re: [MP2] [QUESTION] authentication modules (reuse of mod_auth_basic, mod_auth_digest, mod_auth_ntlm) and cookies

2008-01-30 Thread titetluc titetluc
e the mod_auth_basic module (or mod_auth_digest or > > mod_auth_ntlm) to authenticate a client for the first request, > >. then create a session tracking module (based on cookies) for the > > next requests (I would write this last module in Perl) > > > The cookie needs

Re: [MP2] [QUESTION] authentication modules (reuse of mod_auth_basic, mod_auth_digest, mod_auth_ntlm) and cookies

2008-01-29 Thread Rafael Caceres
cookies) for the > next requests (I would write this last module in Perl) > The cookie needs to be setup upon authentication, so you have to use an authentication module other than the basic authentication, which does not set up a cookie. > > The indirect question (good luck ;)) >

[MP2] [QUESTION] authentication modules (reuse of mod_auth_basic, mod_auth_digest, mod_auth_ntlm) and cookies

2008-01-29 Thread titetluc titetluc
currently working on a project to develop a server hosting HTTP applications developed with different technologies and I am in charge of the session management (authentication along with SSO) for the HTTP-based applications. Applications are developed in . PHP . Servlet I can not modify these

Re: Custom authentication (weird)

2007-11-20 Thread Vegard Vesterheim
On Sun, 18 Nov 2007 10:26:14 -0800 Dodger <[EMAIL PROTECTED]> wrote: > Heya, I'd like to implement a custom authentication without > authentication. Seeing as I don't see anything about what I want to do > in the normal auth stuff, I figure I will need to do mod_perl. >

Custom authentication (weird)

2007-11-19 Thread Dodger
Heya, I'd like to implement a custom authentication without authentication. Seeing as I don't see anything about what I want to do in the normal auth stuff, I figure I will need to do mod_perl. I can get this all on my own if need be, but if someone else has already invented this wheel

Re: [OT] Client authentication

2007-09-23 Thread Philippe M. Chiasson
Bill Moseley wrote: > On Sun, Sep 23, 2007 at 01:44:44AM -0700, Philippe M. Chiasson wrote: >> >>> If the concern is that someone might spoof an IP address then the >>> shared secret seems adequate. >> If the secret is ever compromised, you have to update every single >> client/server out there. If

Re: [OT] Client authentication

2007-09-23 Thread Bill Moseley
On Sun, Sep 23, 2007 at 01:44:44AM -0700, Philippe M. Chiasson wrote: > > > > If the concern is that someone might spoof an IP address then the > > shared secret seems adequate. > > If the secret is ever compromised, you have to update every single > client/server out there. If a client cert is

Re: [OT] Client authentication

2007-09-23 Thread Philippe M. Chiasson
Bill Moseley wrote: > This isn't mod_perl related, but I'm hoping someone here has > experience in this area and can provide some feedback. > Recommendation of a better list for this question is also welcome. > > I have a mod_perl/SOAP::Lite server application where I need to > authenticate the

[OT] Client authentication

2007-09-22 Thread Bill Moseley
This isn't mod_perl related, but I'm hoping someone here has experience in this area and can provide some feedback. Recommendation of a better list for this question is also welcome. I have a mod_perl/SOAP::Lite server application where I need to authenticate the connecting clients. The clients a

Re: asynchronous perl authentication!?

2007-06-07 Thread Perrin Harkins
On 6/7/07, _spitFIRE <[EMAIL PROTECTED]> wrote: How do I use IFRAME here? If you Google for information on how to use IFRAMEs, I'm sure you'll find better information than I can give you. The basic idea is that it's a floating frame in part of your page where you put your login form and show t

Re: asynchronous perl authentication!?

2007-06-07 Thread Jonathan Vanasco
On Jun 7, 2007, at 12:23 PM, [EMAIL PROTECTED] wrote: Look at the control flow of Apache AuthCookie module and let me know if it can be done! http://search.cpan.org/~mschout/Apache-AuthCookie-3.10/lib/Apache2/ AuthCookie.pm The control flow shouldn't matter-- if its doing a redirect based o

Re: asynchronous perl authentication!?

2007-06-07 Thread _spitFIRE
e control flow of Apache AuthCookie module and let me know if it can be done! http://search.cpan.org/~mschout/Apache-AuthCookie-3.10/lib/Apache2/AuthCookie.pm -- View this message in context: http://www.nabble.com/asynchronous-perl-authentication%21--tf3860218.html#a11011410 Sent from the mod_per

Re: asynchronous perl authentication!?

2007-06-07 Thread Jonathan Vanasco
On Jun 7, 2007, at 10:52 AM, _spitFIRE wrote: Hi Adam, You are perfectly right. However, I'm in dire need of a Ajax style login. Do you have any clue on how to go about implementing the sytem? just do an xmlhttprequest to your auth script. have it redirect to a page that prints 0 if the

Re: asynchronous perl authentication!?

2007-06-07 Thread _spitFIRE
w do I use IFRAME here? Can you give me some more info on that? Or at least a sketch of the implementation? I'm sorry if I'm asking too much. -- View this message in context: http://www.nabble.com/asynchronous-perl-authentication%21--tf3860218.html#a11009532 Sent from the mod_perl - General mailing list archive at Nabble.com.

Re: asynchronous perl authentication!?

2007-06-07 Thread _spitFIRE
Hi Adam, You are perfectly right. However, I'm in dire need of a Ajax style login. Do you have any clue on how to go about implementing the sytem? Adam Tistler wrote: > > Even if you use AJAX, the page will still refresh because the AuthCookie > module's authentication me

Re: asynchronous perl authentication!?

2007-06-06 Thread Perrin Harkins
On 6/6/07, Adam Tistler <[EMAIL PROTECTED]> wrote: Even if you use AJAX, the page will still refresh because the AuthCookie module's authentication method redirect's you back to the login page so that the session cookie can be checked. If it's your AJAX request get

Re: asynchronous perl authentication!?

2007-06-06 Thread Adam Tistler
Even if you use AJAX, the page will still refresh because the AuthCookie module's authentication method redirect's you back to the login page so that the session cookie can be checked. You might be able to get around that by overloading the authentication method using a subrequest in

Re: asynchronous perl authentication!?

2007-06-03 Thread Jonathan Vanasco
efreshing, because you're submitting a form and requesting a new page in the main browser window. to keep the page from refreshing, you want to handle that via xmlhttprequest or something similar - where javascript or flash communicates with the server , handles the authentication, and popu

Re: asynchronous perl authentication!?

2007-06-03 Thread Perrin Harkins
On 6/3/07, _spitFIRE <[EMAIL PROTECTED]> wrote: I would basically like to stop the entire page getting refreshed and have the normal ajax style login here; is that possible? Not sure what you could consider "normal" here, but there's no reason you can't use any of the popular JavaScript librari

Re: asynchronous perl authentication!?

2007-06-03 Thread Scott Gifford
_spitFIRE <[EMAIL PROTECTED]> writes: > Hi All, > I have written a simple perl module (using apache authcookie) for > authenticating users. However, whenever the user types a wrong password, > the entire page refreshes. Is it possible to do a ajax style authentication > he

asynchronous perl authentication!?

2007-06-03 Thread _spitFIRE
Hi All, I have written a simple perl module (using apache authcookie) for authenticating users. However, whenever the user types a wrong password, the entire page refreshes. Is it possible to do a ajax style authentication here??? I'm sorry if my understanding is seriously flawed (I&#x

Re: Authentication Problem

2007-04-17 Thread Scott Gifford
Scott Gifford <[EMAIL PROTECTED]> writes: [...] > The cause seems to be that when mod_perl gets an "Authorization" > header in the request, it doesn't supply a "WWW-Authenticate" header > in the response. Nevermind, found it, the solution was to call: $r->note_basic_auth_failure(); Sco

Authentication Problem

2007-04-17 Thread Scott Gifford
Hello, I'm having trouble with PerlAuthenHandler. The symptom is that in a browser (Firefox at least), I'm prompted for a password the first time I visit a page. If I enter it incorrectly, I'm not prompted again, but instead just see the error page. The cause seems to be that when mod_perl gets

  1   2   3   >