Posted to modperl@perl.apache.org by Marcel Weber <mm...@ncpro.com> on 2002/02/11 22:22:15 UTC

Multiple authentication methods

Hi

I've got the following problem: We've got a restricted webserver area which
should be accessible to

a. our intranet users, who have a Windows NT account. For them I'd like to
   do the authentication via AuthenSmb. I can do this perfectly against our
   Windows 2000 DCs.
b. External customers. For them I'd like to store a user / password
   combination in a SQL database.
   This also works successfully.

So my question is now: How can I combine the two authentication methods?
Say, a directive that says, check first if the user is member of the windows
2000 domain and if not, check if the user is in the database.

I tried this with the following directive in httpd.conf:

<Location /test>
   AuthName Test
   AuthType Basic
   PerlSetVar myPDC SAMBA
   PerlSetVar myDOMAIN ARBEITSGRUPPE
   PerlAuthenHandler Apache::AuthenSmb Apache::AuthSybase
   require valid-user
</Location>

This does not work though. So is there a way to get this working? Or do I
have to write a module, that combines the two authentication schemes?

Any help is welcome!


Marcel


--
                                     ______
                                    (Muuuhh)
Global Village Sau  ==>        ^..^ |/¯¯¯¯¯
(Kann Fremdsprache) ==>        (oo)



Re: Question...

Posted by Rodney Hampton <rh...@uniphied.com>.
Actually, you can use the onUnload handler in the body tag.
http://developer.netscape.com/docs/manuals/communicator/jsref/evnt24.htm

Rodney Hampton

Jon Robison wrote:
> 
> On page leave?  Well I think you can of course use javascript on all the
> links on the page, but I don't believe you can do much about the user
> typing in a new url in the browser. . .
> but that's just IMHO.
> 
> --Jon
> 
> Ryan Parr wrote:
> >
> > I think I'm missing something...
> >
> > If you set a session cookie (i.e. one with no expiry time) then the cookie
> > will be deleted immediately upon browser close, forcing the user to login
> > again if they've closed their browser instance.
> >
> > If you don't use cookies and allow basic auth then the exact same behavior
> > is called, forcing the user to re-login only if they've closed that browser
> > instance.
> >
> > Is there someway to expire cookies on page leave, or is this the smartass
> > thing you were referring to? :)
> >
> > -- Ryan Parr
> >
> > ----- Original Message -----
> > From: "Jon Robison" <jr...@uniphied.com>
> > To: "Ron Beck" <rb...@tqtx.com>
> > Cc: <mo...@apache.org>
> > Sent: Tuesday, February 12, 2002 12:28 PM
> > Subject: Re: Question...
> >
> > > Cookies!
> > >
> > > /me is in smartass mode today.
> > >
> > > --Jon
> > >
> > > Ron Beck wrote:
> > > >
> > > > Hello all,
> > > > I need to know how to clear the $ENV variables.  For example, I use a
> > > > .htaccess file for specific directories which requires the user to enter
> > > > userID and password.  When they exit the page, I want them to have to
> > > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > > know how this is accomplished?
> > > >
> > > > TIA,
> > > > Ron

Re: Question...

Posted by Jon Robison <jr...@uniphied.com>.
On page leave?  Well I think you can of course use javascript on all the
links on the page, but I don't believe you can do much about the user
typing in a new url in the browser. . .
but that's just IMHO.

--Jon


Ryan Parr wrote:
> 
> I think I'm missing something...
> 
> If you set a session cookie (i.e. one with no expiry time) then the cookie
> will be deleted immediately upon browser close, forcing the user to login
> again if they've closed their browser instance.
> 
> If you don't use cookies and allow basic auth then the exact same behavior
> is called, forcing the user to re-login only if they've closed that browser
> instance.
> 
> Is there someway to expire cookies on page leave, or is this the smartass
> thing you were referring to? :)
> 
> -- Ryan Parr
> 
> ----- Original Message -----
> From: "Jon Robison" <jr...@uniphied.com>
> To: "Ron Beck" <rb...@tqtx.com>
> Cc: <mo...@apache.org>
> Sent: Tuesday, February 12, 2002 12:28 PM
> Subject: Re: Question...
> 
> > Cookies!
> >
> > /me is in smartass mode today.
> >
> > --Jon
> >
> > Ron Beck wrote:
> > >
> > > Hello all,
> > > I need to know how to clear the $ENV variables.  For example, I use a
> > > .htaccess file for specific directories which requires the user to enter
> > > userID and password.  When they exit the page, I want them to have to
> > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > know how this is accomplished?
> > >
> > > TIA,
> > > Ron

Re: Question...

Posted by Steve Piner <st...@marketview.co.nz>.
Do you need to expire the cookie when you leave the page? How about the
following.

When they login, you send down a cookie. when they go to that page, you
check the cookie they sent, but send out a new value for that cookie,
invalidating it. So when they leave that page they send back your
invalid cookie.

When they go back to the page, they'll send the invalid cookie, and you
can then prompt them to log in or whatever.

You'll get the invalid cookie sent back for images on that page, but
that usually isn't a problem.

Steve Piner


Ryan Parr wrote:
> 
> I think I'm missing something...
> 
> If you set a session cookie (i.e. one with no expiry time) then the cookie
> will be deleted immediately upon browser close, forcing the user to login
> again if they've closed their browser instance.
> 
> If you don't use cookies and allow basic auth then the exact same behavior
> is called, forcing the user to re-login only if they've closed that browser
> instance.
> 
> Is there someway to expire cookies on page leave, or is this the smartass
> thing you were referring to? :)
> 
> -- Ryan Parr
> 
> ----- Original Message -----
> From: "Jon Robison" <jr...@uniphied.com>
> To: "Ron Beck" <rb...@tqtx.com>
> Cc: <mo...@apache.org>
> Sent: Tuesday, February 12, 2002 12:28 PM
> Subject: Re: Question...
> 
> > Cookies!
> >
> > /me is in smartass mode today.
> >
> > --Jon
> >
> > Ron Beck wrote:
> > >
> > > Hello all,
> > > I need to know how to clear the $ENV variables.  For example, I use a
> > > .htaccess file for specific directories which requires the user to enter
> > > userID and password.  When they exit the page, I want them to have to
> > > re-enter userID and passwd if they enter the page again.  Does anyone
> > > know how this is accomplished?
> > >
> > > TIA,
> > > Ron
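
Steve Piner's rotate-on-view idea above, modelled as an added example (not code from the thread): the server issues a random single-use ticket at login, consumes it on the first page view and overwrites the cookie, so both the overwritten cookie and a replay of the original value are refused. The function names, the 'spent' marker and the in-memory store are assumptions made for the sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Server-side ticket store: token => 1 while the ticket is still unused.
# Keeping this state on the server is what makes the ticket single-use;
# overwriting the cookie in the browser alone would not stop a replay.
my %unused_ticket;

# Read 16 random bytes from the kernel and hex-encode them.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Login succeeded: record a fresh ticket and return the cookie value to set.
sub login {
    my $token = new_token();
    $unused_ticket{$token} = 1;
    return $token;
}

# Request for the protected page.
# Returns (HTTP status, cookie value to send back or undef).
sub view_page {
    my ($cookie) = @_;
    if (defined($cookie) && delete $unused_ticket{$cookie}) {
        # Ticket was valid and is now consumed; hand the browser a value
        # that will never match a ticket.
        return (200, 'spent');
    }
    return (401, undef);    # unknown, spent or missing ticket: log in again
}

# Constructed walk-through of one browser session.
my $cookie      = login();
my ($first)     = view_page($cookie);    # first visit after login
my ($returning) = view_page('spent');    # browser returns the overwritten cookie
my ($replayed)  = view_page($cookie);    # original value presented again

print "first visit:     $first\n";
print "return visit:    $returning\n";
print "replayed ticket: $replayed\n";
```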

RE: Question...

Posted by Burak Gürsoy <je...@yahoo.com>.
you can use sessions... there are some modules for this. For example,
Apache::ASP has the $Session object... or you can use javascript to delete
the cookie (maybe)

-----Original Message-----
From: Ryan Parr [mailto:ryanparr@cableone.net]
Sent: Wednesday, February 13, 2002 11:00 AM
To: Jon Robison; Ron Beck
Cc: modperl@apache.org
Subject: Re: Question...


I think I'm missing something...

If you set a session cookie (i.e. one with no expiry time) then the cookie
will be deleted immediately upon browser close, forcing the user to login
again if they've closed their browser instance.

If you don't use cookies and allow basic auth then the exact same behavior
is called, forcing the user to re-login only if they've closed that browser
instance.

Is there someway to expire cookies on page leave, or is this the smartass
thing you were referring to? :)

-- Ryan Parr

----- Original Message -----
From: "Jon Robison" <jr...@uniphied.com>
To: "Ron Beck" <rb...@tqtx.com>
Cc: <mo...@apache.org>
Sent: Tuesday, February 12, 2002 12:28 PM
Subject: Re: Question...


> Cookies!
>
> /me is in smartass mode today.
>
> --Jon
>
> Ron Beck wrote:
> >
> > Hello all,
> > I need to know how to clear the $ENV variables.  For example, I use a
> > .htaccess file for specific directories which requires the user to enter
> > userID and password.  When they exit the page, I want them to have to
> > re-enter userID and passwd if they enter the page again.  Does anyone
> > know how this is accomplished?
> >
> > TIA,
> > Ron




Re: Question...

Posted by Ryan Parr <ry...@cableone.net>.
I think I'm missing something...

If you set a session cookie (i.e. one with no expiry time) then the cookie
will be deleted immediately upon browser close, forcing the user to login
again if they've closed their browser instance.

If you don't use cookies and allow basic auth then the exact same behavior
is called, forcing the user to re-login only if they've closed that browser
instance.

Is there someway to expire cookies on page leave, or is this the smartass
thing you were referring to? :)

-- Ryan Parr

----- Original Message -----
From: "Jon Robison" <jr...@uniphied.com>
To: "Ron Beck" <rb...@tqtx.com>
Cc: <mo...@apache.org>
Sent: Tuesday, February 12, 2002 12:28 PM
Subject: Re: Question...


> Cookies!
>
> /me is in smartass mode today.
>
> --Jon
>
> Ron Beck wrote:
> >
> > Hello all,
> > I need to know how to clear the $ENV variables.  For example, I use a
> > .htaccess file for specific directories which requires the user to enter
> > userID and password.  When they exit the page, I want them to have to
> > re-enter userID and passwd if they enter the page again.  Does anyone
> > know how this is accomplished?
> >
> > TIA,
> > Ron


Re: Question...

Posted by Jon Robison <jr...@uniphied.com>.
Cookies!

/me is in smartass mode today.

--Jon

Ron Beck wrote:
> 
> Hello all,
> I need to know how to clear the $ENV variables.  For example, I use a
> .htaccess file for specific directories which requires the user to enter
> userID and password.  When they exit the page, I want them to have to
> re-enter userID and passwd if they enter the page again.  Does anyone
> know how this is accomplished?
> 
> TIA,
> Ron

Re: Question...

Posted by Uwe Voelker <uw...@gmx.de>.
> I need to know how to clear the $ENV variables.  For example, I use a
> .htaccess file for specific directories which requires the user to enter
> userID and password.  When they exit the page, I want them to have to
> re-enter userID and passwd if they enter the page again.  Does anyone
> know how this is accomplished?


Clearing %ENV will not work. You have to send a 403 response.

Uwe


Question...

Posted by Ron Beck <rb...@tqtx.com>.
Hello all,
I need to know how to clear the $ENV variables.  For example, I use a
.htaccess file for specific directories which requires the user to enter
userID and password.  When they exit the page, I want them to have to
re-enter userID and passwd if they enter the page again.  Does anyone
know how this is accomplished?

TIA,
Ron

Re: Multiple authentication methods

Posted by Aaron Ross <ro...@alias-i.com>.
> 
> <Location /test>
>    AuthName Test
>    AuthType Basic
>    PerlSetVar myPDC SAMBA
>    PerlSetVar myDOMAIN ARBEITSGRUPPE
>    PerlAuthenHandler Apache::AuthenSmb Apache::AuthSybase
>    require valid-user
> </Location>
>

is mod_perl compiled with STACKED HANDLERS?

the first module to run will need to return DECLINED for the second to
ever see the request.  You may need a simple AuthHandler that always
fails at the end. Try AuthenSmb, DECLINED or OK, try AuthSybase,
DECLINED or OK, then AuthFailed, always returned FORBIDDEN.

HTH, aaron

-- 
aaron ross . alias intelligence, inc
     email . ross@alias-i.com
     phone . 215 545 6428


Re: Multiple authentication methods

Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> the only problem is that,
> for the PerlAuthenHandler and PerlAuthzHandler the first handler to
> return an Apache error code (anything other than OK, DECLINED, or
> DONE) terminates the chain.  which is generally fine, except when you
> want to return AUTH_REQUIRED and note_basic_auth_failure().

blarg...

  of course, returning OK also ends the chain, meaning that the user
has been authenticated and Apache can stop now.  in that respect both
the PerlAuthenHandler and PerlAuthzHandler are like the
PerlTransHandler (if that helps you think about it).

  sorry, too much information up there :)

--Geoff

Re: Multiple authentication methods

Posted by Geoffrey Young <ge...@modperlcookbook.org>.
Aaron Ross wrote:
> 
> shouldn't stacked handlers be the right solution here?  are stacked auth
> handlers not allowed or something?
> 

yes, you can stack multiple auth handlers.  the only problem is that,
for the PerlAuthenHandler and PerlAuthzHandler the first handler to
return an Apache error code (anything other than OK, DECLINED, or
DONE) terminates the chain.  which is generally fine, except when you
want to return AUTH_REQUIRED and note_basic_auth_failure().

when writing your own auth modules, you could return DECLINED (and not
call note_basic_auth_failure()) instead of AUTH_REQUIRED and let
mod_auth take care of setting AUTH_REQUIRED for you (since the perl
handlers generally run before the Apache C modules).  however, with
Apache::AuthFoo, the AUTH_REQUIRED stuff is generally compiled in,
which means that the authentication chain is terminated prematurely.

the solution darren posted is kinda nifty and is along the lines of
what you would need to have in order to use the shrink-wrapped
Apache:: solutions - one controlling handler that traps the return
code of the other handlers, keeping them from Apache so that Apache
doesn't end the handler chain before you're ready.

HTH

--Geoff

Re: Multiple authentication methods

Posted by darren chamberlain <dl...@users.sourceforge.net>.
Quoting Aaron Ross <ro...@alias-i.com> [13 Feb-02 09:21]:
> shouldn't stacked handlers be the right solution here?  are
> stacked auth handlers not allowed or something?

Assuming your mod_perl has been built with them, then, yes, that's
probably a better solution.  But I had a fun 15 minutes writing
Apache::MultiAuthen, though. :)

(darren)

-- 
My studies in Speculative Philosophy, metaphysics, and science are
all summed up in the image of a mouse called man running in and
out of every hole in the Cosmos hunting for the Absolute Cheese.
    -- Edmund Burke

RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
He wants to check a 'handler' return value.

> shouldn't stacked handlers be the right solution here?  are stacked auth
> handlers not allowed or something?
> 
> aaron
> 
> On Wed, 2002-02-13 at 09:02, darren chamberlain wrote:
> > Quoting Marcel Weber <mm...@ncpro.com> [12 Feb-02 16:15]:
> > > I don't get the point why it did not work the other way round,
> > > but now everything is just fine now :
> > 
> > Make it a little more generic:
> > 
> > package Apache::MultiAuthen;
> > 
> > use strict;
> > use Apache::Constants qw(:common);
> > 
> > sub handler {
> >     my $r = shift;
> >     my($res, $sent_pw) = $r->get_basic_auth_pw;
> >     return $res if $res != OK;
> > 
> >     # Tweak this; unsure about dir_config returning an array
> >     my @auth_modules = $r->dir_config("AuthModules");
> > 
> >     for my $am (@auth_modules) {
> >         load($am);
> > 
> >         if ($@) {
> >             $r->log("Error loading module '$am': $@");
> >             next;
> >         }
> > 
> >         my $handler = \&{"$am\::handler"};
> >         if ($handler->($r) == OK) {
> >             $r->log_reason("$am return OK");
> >             return OK
> >         }
> > 
> >         $r->log_reason("$am not OK");
> >     }
> > 
> >     $r->note_basic_auth_failure;
> >     return AUTH_REQUIRED;
> > }
> > 
> > sub load {
> >     my $module = @_;
> >     $module  =~ s[::][/]g;
> >     $module .= '.pm';
> > 
> >     eval { require $module; };
> >     
> >     return $@ ? 1 : 0;
> > }
> > 
> > 1;
> > 
> > __END__
> > 
> > (darren)
> > 
> > -- 
> > Never attribute to malice that which is adequately explained by
> > incompetence.
> >     -- Napolean Bonaparte
> -- 
> aaron ross . alias intelligence, inc
>      email . ross@alias-i.com
>      phone . 215 545 6428
> 

Re: Multiple authentication methods

Posted by Aaron Ross <ro...@alias-i.com>.
shouldn't stacked handlers be the right solution here?  are stacked auth
handlers not allowed or something?

aaron

On Wed, 2002-02-13 at 09:02, darren chamberlain wrote:
> Quoting Marcel Weber <mm...@ncpro.com> [12 Feb-02 16:15]:
> > I don't get the point why it did not work the other way round,
> > but now everything is just fine now :
> 
> Make it a little more generic:
> 
> package Apache::MultiAuthen;
> 
> use strict;
> use Apache::Constants qw(:common);
> 
> sub handler {
>     my $r = shift;
>     my($res, $sent_pw) = $r->get_basic_auth_pw;
>     return $res if $res != OK;
> 
>     # Tweak this; unsure about dir_config returning an array
>     my @auth_modules = $r->dir_config("AuthModules");
> 
>     for my $am (@auth_modules) {
>         load($am);
> 
>         if ($@) {
>             $r->log("Error loading module '$am': $@");
>             next;
>         }
> 
>         my $handler = \&{"$am\::handler"};
>         if ($handler->($r) == OK) {
>             $r->log_reason("$am return OK");
>             return OK
>         }
> 
>         $r->log_reason("$am not OK");
>     }
> 
>     $r->note_basic_auth_failure;
>     return AUTH_REQUIRED;
> }
> 
> sub load {
>     my $module = @_;
>     $module  =~ s[::][/]g;
>     $module .= '.pm';
> 
>     eval { require $module; };
>     
>     return $@ ? 1 : 0;
> }
> 
> 1;
> 
> __END__
> 
> (darren)
> 
> -- 
> Never attribute to malice that which is adequately explained by
> incompetence.
>     -- Napolean Bonaparte
-- 
aaron ross . alias intelligence, inc
     email . ross@alias-i.com
     phone . 215 545 6428


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Hi Darren

Would you submit the current version? If you need help with the 
Documentation just let me know. For the makefile, I do not have any 
experience.

Marcel

On Wednesday, 13 February 2002, at 21:01, darren chamberlain wrote:

> Quoting Marcel Weber <mm...@ncpro.com> [13 Feb-02 14:53]:
>> Why not submitting this somewhere? I think this could be
>> useful for quite a lot of people. I think this is cool, as you
>> do not have to worry whether the module returns DECLINED or
>> AUTH_REQUIRED.
>
> I can package this up and put it on CPAN as version 0.01 tomorrow
> morning, if that seems reasonable to everyone involved.  I'll
> need to add some docs and a Makefile.PL, of course.
>
> (darren)
>
> --
> To believe is very dull. To doubt is intensely engrossing. To be on
> alert is to live, to be lulled into security is to die.
>     -- Oscar Wilde
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


Re: Multiple authentication methods

Posted by darren chamberlain <dl...@users.sourceforge.net>.
Quoting Marcel Weber <mm...@ncpro.com> [13 Feb-02 14:53]:
> Why not submitting this somewhere? I think this could be
> useful for quite a lot of people. I think this is cool, as you
> do not have to worry whether the module returns DECLINED or
> AUTH_REQUIRED.

I can package this up and put it on CPAN as version 0.01 tomorrow
morning, if that seems reasonable to everyone involved.  I'll
need to add some docs and a Makefile.PL, of course.

(darren)

-- 
To believe is very dull. To doubt is intensely engrossing. To be on
alert is to live, to be lulled into security is to die.
    -- Oscar Wilde

Re: Multiple authentication methods

Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> <untested>
> 
> I think you might need to iterate through $r->err_headers_out and
> remove WWW-Authenticate and Proxy-Authenticate after each
> authentication module runs.
> 
> say you have an AuthSMB and AuthSybase chain.  AuthSMB calls
> note_basic_auth_failure and sets the WWW-Authenticate header,
> AuthSybase succeeds and sets the Authorization header.  in this case,
> both WWW-Authenticate and Authorization will be passed to the browser
> (I think), which could lead to spurious results in some browsers.
> 
> </untested>

or not.  the browser sends the Authorization header, last I checked :)

at any rate, I think my thoughts were headed somewhere.  you might end
up with a popup box on every request or something if every request
ends up with a WWW-Authenticate header.  it at least warrants a test I
would think.

the return code part is probably valid, though.

anyway, I swear to start thinking before I type from now on...

--Geoff

Re: Multiple authentication methods

Posted by Geoffrey Young <ge...@modperlcookbook.org>.
Marcel Weber wrote:
> 
> Fixed some errors. Here comes the working version:
> 

<untested>

I think you might need to iterate through $r->err_headers_out and
remove WWW-Authenticate and Proxy-Authenticate after each
authentication module runs.

say you have an AuthSMB and AuthSybase chain.  AuthSMB calls
note_basic_auth_failure and sets the WWW-Authenticate header,
AuthSybase succeeds and sets the Authorization header.  in this case,
both WWW-Authenticate and Authorization will be passed to the browser
(I think), which could lead to spurious results in some browsers.

</untested>

also, you might want to check specifically for AUTH_REQUIRED instead
of OK in the chain.  AUTH_REQUIRED is not the only return code that
get_basic_auth_pw can return (SERVER_ERROR and DECLINED are also
possible) and you probably would want to propagate a SERVER_ERROR
rather than returning AUTH_REQUIRED.

HTH

--Geoff
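
An added sketch of the return-code handling discussed above (not code from any poster in this thread): a controlling handler that moves on to the next back end on AUTH_REQUIRED or DECLINED, stops at the first OK, and propagates any other code such as SERVER_ERROR instead of masking it as AUTH_REQUIRED. The Demo:: packages, the hash-based request and the credentials are constructed stand-ins, and the constants are defined locally so the script runs outside mod_perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values mirror Apache 1.3's codes so this runs outside mod_perl; a real
# handler would import the names from Apache::Constants instead.
use constant {
    OK            => 0,
    DECLINED      => -1,
    AUTH_REQUIRED => 401,
    SERVER_ERROR  => 500,
};

# Constructed stand-ins for the two back ends (hypothetical packages and
# credentials; they are not Apache::AuthenSmb or Apache::AuthSybase).
{
    package Demo::AuthDomain;
    my %users = (alice => 'nt-secret');
    sub handler {
        my ($r) = @_;
        return main::SERVER_ERROR() if $r->{domain_down};   # back end unreachable
        my $pw = $users{ $r->{user} };
        return (defined($pw) && $pw eq $r->{password})
            ? main::OK() : main::AUTH_REQUIRED();
    }
}
{
    package Demo::AuthDatabase;
    my %users = (bob => 'db-secret');
    sub handler {
        my ($r) = @_;
        my $pw = $users{ $r->{user} };
        return main::DECLINED() unless defined $pw;          # user unknown here
        return $pw eq $r->{password} ? main::OK() : main::AUTH_REQUIRED();
    }
}

# Controlling handler: traps each sub-handler's return code so that one
# back end saying "no" does not end the chain before the others are asked.
sub multi_authen {
    my ($r, @modules) = @_;

    # Stand-in for the $r->get_basic_auth_pw step: no credentials, challenge.
    return AUTH_REQUIRED
        unless defined $r->{user} && defined $r->{password};

    for my $am (@modules) {
        my $handler = $am->can('handler');
        if (!$handler) {
            warn "$am has no handler, skipping\n";
            next;
        }

        my $rc = eval { $handler->($r) };
        return SERVER_ERROR unless defined $rc;           # handler died
        return OK if $rc == OK;                           # first success wins
        next if $rc == AUTH_REQUIRED || $rc == DECLINED;  # ask the next back end
        return $rc;                                       # real error: pass it on
    }

    return AUTH_REQUIRED;    # nobody vouched for the user: fail closed
}

my %name = (OK, 'OK', DECLINED, 'DECLINED',
            AUTH_REQUIRED, 'AUTH_REQUIRED', SERVER_ERROR, 'SERVER_ERROR');

# Constructed requests covering each branch of the chain.
my @chain = qw(Demo::AuthDomain Demo::AuthDatabase);
my @cases = (
    [ 'domain user',     { user => 'alice', password => 'nt-secret' } ],
    [ 'database user',   { user => 'bob',   password => 'db-secret' } ],
    [ 'wrong password',  { user => 'bob',   password => 'guess' } ],
    [ 'no credentials',  {} ],
    [ 'domain down',     { user => 'alice', password => 'nt-secret',
                           domain_down => 1 } ],
);

for my $case (@cases) {
    my ($label, $r) = @$case;
    printf "%-16s -> %s\n", $label, $name{ multi_authen($r, @chain) };
}
```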

RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
Cool . . .

Thanks for the tip : )

> > > The easiest thing would be to use Config, and do:
> > >
> > >   $module =~ s[::][$Config{'path_sep'}]g;
> > >
> > > Right?
> >
> >Maybe not : )  When checking on 2 linux systems I got a path separator of
> >':'.  Can you let me know if you get similar results?
> >
>
> I'm getting the same problem here. It seems like
> $Config{path_sep} has been
> misunderstood: it gives ':' on Unix and ';' on Windows, so I believe it
> means the separator between different items in your PATH
> (/usr/bin:/usr/local/bin etc..).
>
> I think what you need is File::Spec.
>
> Use this instead:
> $module = File::Spec->catfile(split /::/, $module);
>
> That'll be portable.


RE: Multiple authentication methods

Posted by Per Einar Ellefsen <pe...@skynet.be>.
At 16:51 13.02.2002 -0600, Stathy G. Touloumis wrote:
> > The easiest thing would be to use Config, and do:
> >
> >   $module =~ s[::][$Config{'path_sep'}]g;
> >
> > Right?
>
>Maybe not : )  When checking on 2 linux systems I got a path separator of
>':'.  Can you let me know if you get similar results?
>

I'm getting the same problem here. It seems like $Config{path_sep} has been 
misunderstood: it gives ':' on Unix and ';' on Windows, so I believe it 
means the separator between different items in your PATH 
(/usr/bin:/usr/local/bin etc..).

I think what you need is File::Spec.

Use this instead:
$module = File::Spec->catfile(split /::/, $module);

That'll be portable.


-- 
Per Einar Ellefsen
per.einar@skynet.be


RE: Multiple authentication methods

Posted by Per Einar Ellefsen <pe...@skynet.be>.
At 17:21 13.02.2002 -0600, you wrote:
>File::Spec is included with the standard perl mods I believe
>so dependencies shouldn't be a problem.
>
> > I see. You're right, this is actually much nicer!
> >
> > Sorry for the misinformation. On debian it return : also. I made a
> > mistake checking it.
> >
> > But with the suggested code by Per it works just fine:
> >
> > sub load {
> >      my $module=@_[0];
> >      $module = File::Spec->catfile(split /::/, $module);
> >      $module .= '.pm';
> >
> >      eval { require $module; };
> >
> >      return $@ ? 1 : 0;
> > }
> >
> > Of course one has to put a use File::Spec at the beginning and a Per
> > Finar Ellefsen

That's Per Einar :)

I think this module is a great idea. You should get it on CPAN as soon as 
possible.


-- 
Per Einar Ellefsen
per.einar@skynet.be


RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
File::Spec is included with the standard perl mods I believe
so dependencies shouldn't be a problem.

> I see. You're right, this is actually much nicer!
> 
> Sorry for the misinformation. On debian it return : also. I made a 
> mistake checking it.
> 
> But with the suggested code by Per it works just fine:
> 
> sub load {
>      my $module=@_[0];
>      $module = File::Spec->catfile(split /::/, $module);
>      $module .= '.pm';
> 
>      eval { require $module; };
> 
>      return $@ ? 1 : 0;
> }
> 
> Of course one has to put a use File::Spec at the beginning and a Per 
> Finar Ellefsen


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
I see. You're right, this is actually much nicer!

Sorry for the misinformation. On debian it return : also. I made a 
mistake checking it.

But with the suggested code by Per it works just fine:

sub load {
     my $module=@_[0];
     $module = File::Spec->catfile(split /::/, $module);
     $module .= '.pm';

     eval { require $module; };

     return $@ ? 1 : 0;
}

Of course one has to put a use File::Spec at the beginning and a Per 
Finar Ellefsen

Marcel



On Thursday, 14 February 2002, at 00:11, Stathy G. Touloumis wrote:

> Interesting, one system is RedHat 7.2 and Suse 7.3 (custom built perl)
> that returns a ':' for $Config{'path_sep'}
>
>> It returns an arrayref, as far as I experienced. Well I'm really new to
>> mod_perl and my eagle book waits still in the library to be bought...
>> But why is this version not nice?
>
> It's fine but I have become much more impressed with the mod_perl
> configuration features.  It provides a much cleaner interface for 
> specifying
> directives.
>
> THIS :
>
> <Location /test>
>     AuthName Test
>     AuthType Basic
>    # These are AuthenSmb specific
>     PerlSetVar myPDC SAMBA
>     PerlSetVar myDOMAIN ARBEITSGRUPPE
>   # With PerlAddVar you pass an array
>     PerlAddVar AuthModules Apache::AuthSybase
>     PerlAddVar AuthModules Apache::AuthenSmb
>     PerlAuthenHandler Apache::AuthMulti
>     require valid-user
> </Location>
>
> VS :
>
> <Location /test>
>     AuthName Test
>     AuthType Basic
> # Now an actual apache conf
>     myPDC SAMBA
>     myDOMAIN ARBEITSGRUPPE
> # No need to specify twice
>     AuthModules Apache::AuthSybase Apache::AuthenSmb
>
>     PerlAuthenHandler Apache::AuthMulti
>     require valid-user
> </Location>
>
> Of course there will be some minor changes in the module
> and in the Makefile.PL
>
>
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
Interesting, one system is RedHat 7.2 and Suse 7.3 (custom built perl) that
returns a ':' for $Config{'path_sep'}

> It returns an arrayref, as far as I experienced. Well I'm really new to
> mod_perl and my eagle book waits still in the library to be bought...
> But why is this version not nice?

It's fine but I have become much more impressed with the mod_perl
configuration features.  It provides a much cleaner interface for specifying
directives.

THIS :

<Location /test>
    AuthName Test
    AuthType Basic
   # These are AuthenSmb specific
    PerlSetVar myPDC SAMBA
    PerlSetVar myDOMAIN ARBEITSGRUPPE
  # With PerlAddVar you pass an array
    PerlAddVar AuthModules Apache::AuthSybase
    PerlAddVar AuthModules Apache::AuthenSmb
    PerlAuthenHandler Apache::AuthMulti
    require valid-user
</Location>

VS :

<Location /test>
    AuthName Test
    AuthType Basic
# Now an actual apache conf
    myPDC SAMBA
    myDOMAIN ARBEITSGRUPPE
# No need to specify twice
    AuthModules Apache::AuthSybase Apache::AuthenSmb

    PerlAuthenHandler Apache::AuthMulti
    require valid-user
</Location>

Of course there will be some minor changes in the module
and in the Makefile.PL



Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
On my woody system it's fine.

Marcel

On Wednesday, 13 February 2002, at 23:51, Stathy G. Touloumis wrote:

>> The easiest thing would be to use Config, and do:
>>
>>   $module =~ s[::][$Config{'path_sep'}]g;
>>
>> Right?
>
> Maybe not : )  When checking on 2 linux systems I got a path separator of
> ':'.  Can you let me know if you get similar results?
>
> Thanks,
>
>
>
>
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
> The easiest thing would be to use Config, and do:
>
>   $module =~ s[::][$Config{'path_sep'}]g;
>
> Right?

Maybe not : )  When checking on 2 linux systems I got a path separator of
':'.  Can you let me know if you get similar results?

Thanks,





Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Sorry, this code does not work... Should test it better before sending
it to the mailing list...

Marcel

On Thursday, 14 February 2002, at 00:05, Marcel Weber wrote:

> So here comes the most actual code:
>
> Submitting it to CPAN would be fine!
>
> ------------------------------------------------
>
> package Apache::AuthMulti;
>
> # Stathy G. Touloumis
> # Marcel M. Weber
> # Darren Chamberlain
> #
> # Version 0.01-2 / 13.02.2002 / Marcel M. Weber
>
> use     strict;
> use     Apache::Constants qw(:common);
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         my @auth_modules=$r->dir_config->get("AuthModules");
>
>         for my $am (@auth_modules)
>         {
>         load($am);
>         if ($@){
>                 $r->log_reason("Error loading module '$am':$@");
>                 next;
>         }
>
>         my $handler = $am->can('handler') or next;
>         if ($handler->($r) == OK) {
>                 $r->warn("$am return OK");
>                 return OK;
>         }
>
>         $r->log_reason("$am not OK");
>         }
>
>         $r->note_basic_auth_failure;
>         $r->log_reason("none of the handlers could authenticate this user");
>         return AUTH_REQUIRED;
> }
>
> sub load {
>     my $module=@_[0];
>     $module  =~ s[::][$Config{'path_sep'}]go;
>     $module .= '.pm';
>
>     eval { require $module; };
>
>     return $@ ? 1 : 0;
> }
>
> 1;
> __END__
>
> -----------------------------------------------------------------------------
>
> On Wednesday, 13 February 2002, at 21:42, Stathy G. Touloumis wrote:
>
>>
>>
>>>> I would suggest changing the PerlSetVar variables
>>>> to actual apache configuration directives which would change this :
>>>>
>>>> my @auth_modules=$r->dir_config->get("AuthModules");
>>>>
>>>> I don't have an immediate patch for this but have done it before.
>>>> If you would like me to work on this code no prob, otherwise check
>>>> the eagle book for some samples if unfamiliar.
>>>
>>> *nod*  I'm not sure that the syntax would work; $r->dir_config()
>>> would probably return an arrayref, and such; this needs to be
>>> tested.
>>
>
> It returns an arrayref, as far as I experienced. Well I'm really new to
> mod_perl and my eagle book waits still in the library to be bought...
> But why is this version not nice?
>
> -------------------
>
> Marcel
>
> PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
>
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
So here comes the most actual code:

Submitting it to CPAN would be fine!

------------------------------------------------

package Apache::AuthMulti;

# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.01-2 / 13.02.2002 / Marcel M. Weber

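use     strict;
use     Apache::Constants qw(:common);

sub handler {
         my $r = shift;
         # Bail out unless the client sent Basic credentials
         my($res, $sent_pw) = $r->get_basic_auth_pw;
         return $res if $res != OK;

         # One entry per "PerlAddVar AuthModules ..." line, in config order
         my @auth_modules=$r->dir_config->get("AuthModules");

         for my $am (@auth_modules)
         {
                 load($am);
                 if ($@){
                         $r->log_reason("Error loading module '$am':$@");
                         next;
                 }

                 # The first module whose handler returns OK wins
                 my $handler = $am->can('handler') or next;
                 if ($handler->($r) == OK) {
                         $r->warn("$am return OK");
                         return OK;
                 }

                 $r->log_reason("$am not OK");
         }

         # No module accepted the credentials: challenge the client again
         $r->note_basic_auth_failure;
         $r->log_reason("none of the handlers could authenticate this user");
         return AUTH_REQUIRED;
}

sub load {
     my $module=$_[0];
     # require takes a '/'-separated path on every platform.
     # $Config{'path_sep'} is the PATH list separator (':' or ';'), and
     # %Config is not imported here, so it cannot be used under strict.
     $module  =~ s[::][/]g;
     $module .= '.pm';

     eval { require $module; };

     return $@ ? 1 : 0;
}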

1;
__END__

-----------------------------------------------------------------------------

On Wednesday, 13 February 2002, at 21:42, Stathy G. Touloumis wrote:

>
>
>>> I would suggest changing the PerlSetVar variables
>>> to actual apache configuration directives which would change this :
>>>
>>> my @auth_modules=$r->dir_config->get("AuthModules");
>>>
>>> I don't have an immediate patch for this but have done it before.
>>> If you would like me to work on this code no prob, otherwise check
>>> the eagle book for some samples if unfamiliar.
>>
>> *nod*  I'm not sure that the syntax would work; $r->dir_config()
>> would probably return an arrayref, and such; this needs to be
>> tested.
>

It returns an arrayref, as far as I experienced. Well I'm really new to mod_perl
and my eagle book waits still in the library to be bought... But why is this
version not nice?

-------------------

Marcel

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
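
An offline harness for the first-OK-wins chain in Apache::AuthMulti above, added here as an example; it is not code from the thread's authors. The Mock::* packages, load_module, authen_chain, strict_is_ok and the constant values (OK=0, DECLINED=-1, AUTH_REQUIRED=401) are stand-ins and assumptions. It also covers a case the thread's `== OK` test misses: OK is 0, so a backend that returns no status compares equal to it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins for Apache::Constants (assumed values: OK=0, DECLINED=-1,
# AUTH_REQUIRED=401) so the chain logic runs without Apache.
use constant { OK => 0, DECLINED => -1, AUTH_REQUIRED => 401 };

# Constructed request mock: only the methods the chain uses.
package Mock::Request;
sub new {
    my ($class, %a) = @_;
    my $self = { %a, log => [] };
    return bless $self, $class;
}
sub user                    { $_[0]{user} }
sub get_basic_auth_pw       { return (main::OK(), $_[0]{pw}) }
sub auth_modules            { @{ $_[0]{modules} } }  # dir_config->get("AuthModules")
sub log_reason              { push @{ $_[0]{log} }, $_[1] }
sub note_basic_auth_failure { $_[0]{challenged} = 1 }

# Constructed backends (hypothetical names), one per failure style.
package Mock::AuthCustomer;   # declines users it does not know
sub handler {
    my $r = shift;
    my (undef, $pw) = $r->get_basic_auth_pw;
    return main::DECLINED() unless $r->user eq 'bob';
    return $pw eq 'customer-pw' ? main::OK() : main::AUTH_REQUIRED();
}
package Mock::AuthIntranet;   # always answers OK or AUTH_REQUIRED
sub handler {
    my $r = shift;
    my (undef, $pw) = $r->get_basic_auth_pw;
    return main::OK() if $r->user eq 'alice' && $pw eq 'intranet-pw';
    return main::AUTH_REQUIRED();
}
package Mock::AuthBroken;     # bug: returns without a status
sub handler { return }

package main;

# The thread's test is `$handler->($r) == OK`. undef == 0 is true in Perl,
# so a backend that returns nothing would be treated as a success.
sub naive_is_ok  { no warnings; return $_[0] == OK }
sub strict_is_ok {
    my $rc = shift;
    return defined $rc && $rc =~ /\A-?\d+\z/ && $rc == OK;
}

# Only strings shaped like a package name may reach require().
sub load_module {
    my ($module) = @_;
    return "invalid module name"
        unless $module =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;
    return undef if $module->can('handler');   # already loaded (inline mocks)
    (my $file = "$module.pm") =~ s{::}{/}g;     # require always wants '/'
    return eval { require $file; 1 } ? undef : "require $file failed";
}

sub authen_chain {
    my ($r) = @_;
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    for my $am ($r->auth_modules) {
        if (my $err = load_module($am)) {
            $r->log_reason("cannot load '$am': $err");
            next;                       # a skipped backend never grants access
        }
        my $handler = $am->can('handler') or next;
        my $rc = $handler->($r);        # plain function call: $r is the first arg
        return OK if strict_is_ok($rc);
        $r->log_reason("$am returned " . (defined $rc ? $rc : 'undef'));
    }
    $r->note_basic_auth_failure;
    return AUTH_REQUIRED;               # nothing said OK: fail closed
}

my @cases = (   # constructed credentials and module lists
    [ alice   => 'intranet-pw', [qw(Mock::AuthCustomer Mock::AuthIntranet)] ],
    [ bob     => 'customer-pw', [qw(Mock::AuthCustomer Mock::AuthIntranet)] ],
    [ mallory => 'guess',
      [qw(Mock::AuthBroken Mock::AuthCustomer Mock::AuthIntranet)] ],
    [ alice   => 'intranet-pw', ['bad/name', 'No::Such::Backend'] ],
);
for my $c (@cases) {
    my ($user, $pw, $mods) = @$c;
    my $r  = Mock::Request->new(user => $user, pw => $pw, modules => $mods);
    my $rc = authen_chain($r);
    printf "%-8s [%s] -> %s\n", $user, join(' ', @$mods),
        $rc == OK ? 'OK' : "denied ($rc)";
    print  "    log: $_\n" for @{ $r->{log} };
}
printf "undef status: naive=%s strict=%s\n",
    (naive_is_ok(undef)  ? 'accept' : 'reject'),
    (strict_is_ok(undef) ? 'accept' : 'reject');
```

Run it with plain `perl`; the last case shows that a list made only of unusable module names ends in AUTH_REQUIRED even with valid credentials.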


RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.

> > I would suggest changing the PerlSetVar variables
> > to actual apache configuration directives which would change this :
> >
> > my @auth_modules=$r->dir_config->get("AuthModules");
> >
> > I don't have an immediate patch for this but have done it before.
> > If you would like me to work on this code no prob, otherwise check
> > the eagle book for some samples if unfamiliar.
>
> *nod*  I'm not sure that the syntax would work; $r->dir_config()
> would probably return an arrayref, and such; this needs to be
> tested.

You can specify anything for a directive as you can for dir_config() yet
it is more extensible : Syntax checking, ability to set in '.htaccess' files
and of course everybody's favorite . . . it's faster ; )

Doesn't need to be implemented now but just a thought . . .

> I stole that almost whole hog from Template/Config.pm, lines
> 68-78.  Take it up with Andy. ;)
>
> The easiest thing would be to use Config, and do:
>
>   $module =~ s[::][$Config{'path_sep'}]g;
>
> Right?

Anything other than hardcoding and this is fine by me.
Although should probably compile once :
s[::][$Config{'path_sep'}]go;



Re: Multiple authentication methods

Posted by darren chamberlain <dl...@users.sourceforge.net>.
Quoting Stathy G. Touloumis <st...@edventions.com> [13 Feb-02 15:26]:
> Some more fixes ; )

Yay! Bug reports already...

> I would suggest changing the PerlSetVar variables
> to actual apache configuration directives which would change this :
> 
> my @auth_modules=$r->dir_config->get("AuthModules");
> 
> I don't have an immediate patch for this but have done it before.
> If you would like me to work on this code no prob, otherwise check
> the eagle book for some samples if unfamiliar.

*nod*  I'm not sure that the syntax would work; $r->dir_config()
would probably return an arrayref, and such; this needs to be
tested.

> Also,
> 
> THIS :
> 
> my $handler = \&{"$am\::handler"};
> if ($handler->($r) == OK) {
>   $r->warn("$am return OK");
> return OK;
> 
> TO :
> 
> ## 'or next' can be changed
> my $handler = $am->can('handler') or next;
> if ($handler->($r) == OK) {
>   $r->warn("$am return OK");
>   return OK;
> }

Yeah, I just didn't think of that when I wrote the code.  That is
the Correct Way.

> And I would consider changing this :
> 
> $module  =~ s[::][/]g;
> 
> to be more portable.  I am working on another class for runtime
> management of classes that should address this but won't be on
> CPAN for a few days.

I stole that almost whole hog from Template/Config.pm, lines
68-78.  Take it up with Andy. ;)

The easiest thing would be to use Config, and do:
  
  $module =~ s[::][$Config{'path_sep'}]g;

Right?

(darren)

-- 
What a strange illusion it is to suppose that beauty is goodness.
    -- Leo Tolstoy

RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
Some more fixes ; )

I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :

my @auth_modules=$r->dir_config->get("AuthModules");

I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.

Also,

THIS :

my $handler = \&{"$am\::handler"};
if ($handler->($r) == OK) {
  $r->warn("$am return OK");
return OK;

TO :

## 'or next' can be changed
my $handler = $am->can('handler') or next;
if ($handler->($r) == OK) {
  $r->warn("$am return OK");
  return OK;
}

And I would consider changing this :

$module  =~ s[::][/]g;

to be more portable.  I am working on another class for runtime management
of classes that should address this but won't be on CPAN for a few days.

> ---------
>
> package Apache::AuthMulti;
>
> # Stathy G. Touloumis
> # Marcel M. Weber
> # Darren Chamberlain
> #
> # Version 0.1.0 / 2002.02.13 / Marcel M. Weber
>
> use     strict;
> use     Apache::Constants qw(:common);
>
> sub handler {
>          my $r = shift;
>          my($res, $sent_pw) = $r->get_basic_auth_pw;
>          return $res if $res != OK;
>
>          my @auth_modules=$r->dir_config->get("AuthModules");
>
>          for my $am (@auth_modules)
>          {
>          load($am);
>          if ($@){
>                  $r->log_reason("Error loading module '$am':$@");
>                  next;
>          }
>
>          my $handler = \&{"$am\::handler"};
>          if ($handler->($r) == OK) {
>                  $r->warn("$am return OK");
>                  return OK;
>          }
>
>          $r->log_reason("$am not OK");
>          }
>
>          $r->note_basic_auth_failure;
>          $r->log_reason("none of the handlers could authenticate this user");
>          return AUTH_REQUIRED;
> }
>
> sub load {
>      my $module=@_[0];
>      $module  =~ s[::][/]g;
>      $module .= '.pm';
>
>      eval { require $module; };
>
>      return $@ ? 1 : 0;
> }
>
> 1;
> __END__
>
>
> -------------------
>
> In the httpd.conf you have to put something like this:
>
> <Location /test>
>     AuthName Test
>     AuthType Basic
>    # These are AuthenSmb specific
>     PerlSetVar myPDC SAMBA
>     PerlSetVar myDOMAIN ARBEITSGRUPPE
>   # With PerlAddVar you pass an array
>     PerlAddVar AuthModules Apache::AuthSybase
>     PerlAddVar AuthModules Apache::AuthenSmb
>     PerlAuthenHandler Apache::AuthMulti
>     require valid-user
> </Location>
>
> -----------------------
>
> Works perfect...
>
> Why not submitting this somewhere? I think this could be useful for
> quite a lot of people. I think this is cool, as you do not have to worry
> whether the module returns DECLINED or AUTH_REQUIRED.
>
> Marcel
>
>
> On Wednesday, 13 February 2002, at 15:02, darren chamberlain wrote:
>
> > Quoting Marcel Weber <mm...@ncpro.com> [12 Feb-02 16:15]:
> >> I don't get the point why it did not work the other way round,
> >> but now everything is just fine now :
> >
> > Make it a little more generic:
> >
> > package Apache::MultiAuthen;
> >
> > use strict;
> > use Apache::Constants qw(:common);
> >
> > sub handler {
> >     my $r = shift;
> >     my($res, $sent_pw) = $r->get_basic_auth_pw;
> >     return $res if $res != OK;
> >
> >     # Tweak this; unsure about dir_config returning an array
> >     my @auth_modules = $r->dir_config("AuthModules");
> >
> >     for my $am (@auth_modules) {
> >         load($am);
> >
> >         if ($@) {
> >             $r->log("Error loading module '$am': $@");
> >             next;
> >         }
> >
> >         my $handler = \&{"$am\::handler"};
> >         if ($handler->($r) == OK) {
> >             $r->log_reason("$am return OK");
> >             return OK
> >         }
> >
> >         $r->log_reason("$am not OK");
> >     }
> >
> >     $r->note_basic_auth_failure;
> >     return AUTH_REQUIRED;
> > }
> >
> > sub load {
> >     my $module = @_;
> >     $module  =~ s[::][/]g;
> >     $module .= '.pm';
> >
> >     eval { require $module; };
> >
> >     return $@ ? 1 : 0;
> > }
> >
> > 1;
> >
> > __END__
> >
> > (darren)
> >
> > --
> > Never attribute to malice that which is adequately explained by
> > incompetence.
> >     -- Napoleon Bonaparte
> >
> >
> -------------------
>
> PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
>


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Fixed some errors. Here comes the working version:


---------

package Apache::AuthMulti;

# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.1.0 / 2002.02.13 / Marcel M. Weber

use     strict;
use     Apache::Constants qw(:common);

sub handler {
         my $r = shift;
         my($res, $sent_pw) = $r->get_basic_auth_pw;
         return $res if $res != OK;

         my @auth_modules=$r->dir_config->get("AuthModules");

         for my $am (@auth_modules)
         {
         load($am);
         if ($@){
                 $r->log_reason("Error loading module '$am':$@");
                 next;
         }

         my $handler = \&{"$am\::handler"};
         if ($handler->($r) == OK) {
                 $r->warn("$am return OK");
                 return OK;
         }

         $r->log_reason("$am not OK");
         }

         $r->note_basic_auth_failure;
         $r->log_reason("none of the handlers could authenticate this user");
         return AUTH_REQUIRED;
}

sub load {
     my $module=@_[0];
     $module  =~ s[::][/]g;
     $module .= '.pm';

     eval { require $module; };

     return $@ ? 1 : 0;
}

1;
__END__


-------------------

In the httpd.conf you have to put something like this:

<Location /test>
    AuthName Test
    AuthType Basic
   # These are AuthenSmb specific
    PerlSetVar myPDC SAMBA
    PerlSetVar myDOMAIN ARBEITSGRUPPE
  # With PerlAddVar you pass an array
    PerlAddVar AuthModules Apache::AuthSybase
    PerlAddVar AuthModules Apache::AuthenSmb
    PerlAuthenHandler Apache::AuthMulti
    require valid-user
</Location>

-----------------------

Works perfect...

Why not submitting this somewhere? I think this could be useful for
quite a lot of people. I think this is cool, as you do not have to worry
whether the module returns DECLINED or AUTH_REQUIRED.

Marcel


On Wednesday, 13 February 2002, at 15:02, darren chamberlain wrote:

> Quoting Marcel Weber <mm...@ncpro.com> [12 Feb-02 16:15]:
>> I don't get the point why it did not work the other way round,
>> but now everything is just fine now :
>
> Make it a little more generic:
>
> package Apache::MultiAuthen;
>
> use strict;
> use Apache::Constants qw(:common);
>
> sub handler {
>     my $r = shift;
>     my($res, $sent_pw) = $r->get_basic_auth_pw;
>     return $res if $res != OK;
>
>     # Tweak this; unsure about dir_config returning an array
>     my @auth_modules = $r->dir_config("AuthModules");
>
>     for my $am (@auth_modules) {
>         load($am);
>
>         if ($@) {
>             $r->log("Error loading module '$am': $@");
>             next;
>         }
>
>         my $handler = \&{"$am\::handler"};
>         if ($handler->($r) == OK) {
>             $r->log_reason("$am return OK");
>             return OK
>         }
>
>         $r->log_reason("$am not OK");
>     }
>
>     $r->note_basic_auth_failure;
>     return AUTH_REQUIRED;
> }
>
> sub load {
>     my $module = @_;
>     $module  =~ s[::][/]g;
>     $module .= '.pm';
>
>     eval { require $module; };
>
>     return $@ ? 1 : 0;
> }
>
> 1;
>
> __END__
>
> (darren)
>
> --
> Never attribute to malice that which is adequately explained by
> incompetence.
>     -- Napoleon Bonaparte
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


Re: Multiple authentication methods

Posted by darren chamberlain <dl...@users.sourceforge.net>.
Quoting Marcel Weber <mm...@ncpro.com> [12 Feb-02 16:15]:
> I don't get the point why it did not work the other way round,
> but now everything is just fine now :

Make it a little more generic:

package Apache::MultiAuthen;

use strict;
use Apache::Constants qw(:common);

sub handler {
    my $r = shift;
    my($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    # Tweak this; unsure about dir_config returning an array
    my @auth_modules = $r->dir_config("AuthModules");

    for my $am (@auth_modules) {
        load($am);

        if ($@) {
            $r->log("Error loading module '$am': $@");
            next;
        }

        my $handler = \&{"$am\::handler"};
        if ($handler->($r) == OK) {
            $r->log_reason("$am return OK");
            return OK
        }

        $r->log_reason("$am not OK");
    }

    $r->note_basic_auth_failure;
    return AUTH_REQUIRED;
}

sub load {
    my $module = @_;
    $module  =~ s[::][/]g;
    $module .= '.pm';

    eval { require $module; };
    
    return $@ ? 1 : 0;
}

1;

__END__

(darren)

-- 
Never attribute to malice that which is adequately explained by
incompetence.
    -- Napoleon Bonaparte

Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
It works!!!!

I don't get the point why it did not work the other way round, but now
everything is just fine now :

package Apache::AuthenIntra;

#use strict;
use     Apache::AuthenSmb;
use     Apache::AuthSybase;
use     Apache::Constants;

sub handler {
        my $r = shift;
        my($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;

        if (  Apache::AuthenSmb::handler($r) == OK ) {
                $r->log_reason("AuthenSmb is okay", $r->uri);
                return OK;
        } elsif ( Apache::AuthSybase::handler($r) == OK ) {
                $r->log_reason("AuthSybase is okay", $r->uri);
                return OK;
        }
        $r->note_basic_auth_failure;
        return AUTH_REQUIRED;
}
1;
__END__


Like this, you may take every authentication module you'd like, whether it
returns DECLINED or AUTH_REQUIRED and it will give an OK if one of the two
works.

Thanks to all who helped me!!!!

Marcel



-----Original Message-----
From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
Sent: Tuesday, 12 February 2002 21:17
To: Marcel Weber; modperl@apache.org
Subject: RE: Multiple authentication methods


That is odd, I would check the interface for the authentication modules and
be sure that they are being used properly.  It may help to also put in some
debug/trace statements to figure out where things are failing or not working
as expected : )

> This way, I do not get any failure messages, but the authentication does not
> work at all. Say, it does not matter what password you're typing in, you get
> always authenticated. Even when one of the handlers logs a violation and
> returns AUTH_REQUIRED / DECLINED.
>
> package Apache::AuthenIntra;
>
> use strict;
> use     Apache::AuthenSmb;
> use     Apache::AuthSybase;
> use     Apache::Constants;
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         if (  Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
>                 return Apache::Constants::OK;
>         } elsif ( Apache::AuthSybase::handler($r) ==
> Apache::Constants::OK )
> {
>                 return Apache::Constants::OK;
>         }
>         $r->note_basic_auth_failure;
>         return Apache::Constant::AUTH_REQUIRED;
> }
>
> Marcel
>
>
> -----Original Message-----
> From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
> Sent: Tuesday, 12 February 2002 18:32
> To: Marcel Weber; modperl@apache.org
> Subject: RE: Multiple authentication methods
>
>
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> Hmmm, It would seem that it would be better to call the function directly
> from your handler.  I am not sure how the AuthenSmb handlers should be
> called but you should get the idea.
>
> sub handler {
>   my $r = shift;
>   my($res, $sent_pw) = $r->get_basic_auth_pw;
>   return $res if $res != OK;
>
>   if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } else {
>     return Apache::Constant::DECLINED;
>
>   }
>
>
> }
>
> > I get just as far, as I can authenticate via AuthSybase, but the second
> > method is never executed. Well, probably some experienced perl coder would
> > laugh at me...
>
> He he, we all had to start from the beginning ; )
>
>
> > Hmm, I fiddled a bit around with this code but, it does not
> > really work the
> > way I want it to.
> >
> > This is what I coded:
> >
> > sub handler {
> >         my $r = shift;
> >         my($res, $sent_pw) = $r->get_basic_auth_pw;
> >         return $res if $res != OK;
> >
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         return DECLINED;
> > }
> >
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> >
> > What the code should do is: Call AuthSybase, check return value, if OK
> > return OK, else call AuthenSMB, return return value.
> >
>
>



RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
That is odd, I would check the interface for the authentication modules and
be sure that they are being used properly.  It may help to also put in some
debug/trace statements to figure out where things are failing or not working
as expected : )

> This way, I do not get any failure messages, but the authentication does not
> work at all. Say, it does not matter what password you're typing in, you get
> always authenticated. Even when one of the handlers logs a violation and
> returns AUTH_REQUIRED / DECLINED.
>
> package Apache::AuthenIntra;
>
> use strict;
> use     Apache::AuthenSmb;
> use     Apache::AuthSybase;
> use     Apache::Constants;
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         if (  Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
>                 return Apache::Constants::OK;
>         } elsif ( Apache::AuthSybase::handler($r) ==
> Apache::Constants::OK )
> {
>                 return Apache::Constants::OK;
>         }
>         $r->note_basic_auth_failure;
>         return Apache::Constant::AUTH_REQUIRED;
> }
>
> Marcel
>
>
> -----Original Message-----
> From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
> Sent: Tuesday, 12 February 2002 18:32
> To: Marcel Weber; modperl@apache.org
> Subject: RE: Multiple authentication methods
>
>
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> Hmmm, It would seem that it would be better to call the function directly
> from your handler.  I am not sure how the AuthenSmb handlers should be
> called but you should get the idea.
>
> sub handler {
>   my $r = shift;
>   my($res, $sent_pw) = $r->get_basic_auth_pw;
>   return $res if $res != OK;
>
>   if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } else {
>     return Apache::Constant::DECLINED;
>
>   }
>
>
> }
>
> > I get just as far, as I can authenticate via AuthSybase, but the second
> > method is never executed. Well, probably some experienced perl coder would
> > laugh at me...
>
> He he, we all had to start from the beginning ; )
>
>
> > Hmm, I fiddled a bit around with this code but, it does not
> > really work the
> > way I want it to.
> >
> > This is what I coded:
> >
> > sub handler {
> >         my $r = shift;
> >         my($res, $sent_pw) = $r->get_basic_auth_pw;
> >         return $res if $res != OK;
> >
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         return DECLINED;
> > }
> >
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> >
> > What the code should do is: Call AuthSybase, check return value, if OK
> > return OK, else call AuthenSMB, return return value.
> >
>
>


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Hi

This way, I do not get any failure messages, but the authentication does not
work at all. Say, it does not matter what password you're typing in, you get
always authenticated. Even when one of the handlers logs a violation and
returns AUTH_REQUIRED / DECLINED.

package Apache::AuthenIntra;

use strict;
use     Apache::AuthenSmb;
use     Apache::AuthSybase;
use     Apache::Constants;

sub handler {
        my $r = shift;
        my($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;

        if (  Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
                return Apache::Constants::OK;
        } elsif ( Apache::AuthSybase::handler($r) == Apache::Constants::OK )
{
                return Apache::Constants::OK;
        }
        $r->note_basic_auth_failure;
        return Apache::Constant::AUTH_REQUIRED;
}

Marcel


-----Original Message-----
From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
Sent: Tuesday, 12 February 2002 18:32
To: Marcel Weber; modperl@apache.org
Subject: RE: Multiple authentication methods


> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler.  I am not sure how the AuthenSmb handlers should be
called but you should get the idea.

sub handler {
  my $r = shift;
  my($res, $sent_pw) = $r->get_basic_auth_pw;
  return $res if $res != OK;

  if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } else {
    return Apache::Constant::DECLINED;

  }


}

> I get just as far, as I can authenticate via AuthSybase, but the second
> method is never executed. Well, probably some experienced perl coder would
> laugh at me...

He he, we all had to start from the beginning ; )


> Hmm, I fiddled a bit around with this code but, it does not
> really work the
> way I want it to.
>
> This is what I coded:
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         return DECLINED;
> }
>
> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
>
> What the code should do is: Call AuthSybase, check return value, if OK
> return OK, else call AuthenSMB, return return value.
>



RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
> I also tried something like this at first. But I get this error message in
> my apache/error.log
>
>
> [Tue Feb 12 20:20:59 2002] [error] Can't locate object method "handler" via
> package "Apache::AuthenSmb" (perhaps you forgot to load "Apache::AuthenSmb"?) at
> /usr/share/perl5/Apache/AuthenIntra.pm line 13.

Try calling it via Apache::AuthenSmb::handler($r) instead.  You will
probably want to do the same with Apache::AuthSybase::handler($r) as well.

> resp. vice versa, when the AuthSybase method is first. Perhaps it is my
> mod_perl installation. It is a stock Debian Woody installation.
>
> Marcel
>
>
> -----Original Message-----
> From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
> Sent: Tuesday, 12 February 2002 18:32
> To: Marcel Weber; modperl@apache.org
> Subject: RE: Multiple authentication methods
>
>
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> Hmmm, It would seem that it would be better to call the function directly
> from your handler.  I am not sure how the AuthenSmb handlers should be
> called but you should get the idea.
>
> sub handler {
>   my $r = shift;
>   my($res, $sent_pw) = $r->get_basic_auth_pw;
>   return $res if $res != OK;
>
>   if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
>     return Apache::Constants::OK;
>
>   } else {
>     return Apache::Constant::DECLINED;
>
>   }
>
>
> }
>
> > I get just as far, as I can authenticate via AuthSybase, but the second
> > method is never executed. Well, probably some experienced perl coder would
> > laugh at me...
>
> He he, we all had to start from the beginning ; )
>
>
> > Hmm, I fiddled a bit around with this code but, it does not
> > really work the
> > way I want it to.
> >
> > This is what I coded:
> >
> > sub handler {
> >         my $r = shift;
> >         my($res, $sent_pw) = $r->get_basic_auth_pw;
> >         return $res if $res != OK;
> >
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
> >         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
> >         return OK;
> >         }
> >         return DECLINED;
> > }
> >
> > The get_handlers code is out of AuthenSmb as I do not have the slightest
> > idea of how to get the results of the called function.
> >
> > What the code should do is: Call AuthSybase, check return value, if OK
> > return OK, else call AuthenSMB, return return value.
> >
>
>


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Thank you!

I also tried something like this at first. But I get this error message in
my apache/error.log


[Tue Feb 12 20:20:59 2002] [error] Can't locate object method "handler" via
package "Apache::AuthenSmb" (perhaps you forgot to load "Apache::AuthenSmb"?) at
/usr/share/perl5/Apache/AuthenIntra.pm line 13.


resp. vice versa, when the AuthSybase method is first. Perhaps it is my
mod_perl installation. It is a stock Debian Woody installation.

Marcel


-----Original Message-----
From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
Sent: Tuesday, 12 February 2002 18:32
To: Marcel Weber; modperl@apache.org
Subject: RE: Multiple authentication methods


> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler.  I am not sure how the AuthenSmb handlers should be
called but you should get the idea.

sub handler {
  my $r = shift;
  my($res, $sent_pw) = $r->get_basic_auth_pw;
  return $res if $res != OK;

  if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } else {
    return Apache::Constant::DECLINED;

  }


}

> I get just as far, as I can authenticate via AuthSybase, but the second
> method is never executed. Well, probably some experienced perl coder would
> laugh at me...

He he, we all had to start from the beginning ; )


> Hmm, I fiddled a bit around with this code but, it does not
> really work the
> way I want it to.
>
> This is what I coded:
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         return DECLINED;
> }
>
> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
>
> What the code should do is: Call AuthSybase, check return value, if OK
> return OK, else call AuthenSMB, return return value.
>



RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler.  I am not sure how the AuthenSmb handlers should be
called but you should get the idea.

sub handler {
  my $r = shift;
  my($res, $sent_pw) = $r->get_basic_auth_pw;
  return $res if $res != OK;

  if ( Apache::AuthSybase->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } elsif ( Apache::AuthenSmb->handler($r) == Apache::Constants::OK ) {
    return Apache::Constants::OK;

  } else {
    return Apache::Constant::DECLINED;

  }


}

> I get just as far, as I can authenticate via AuthSybase, but the second
> method is never executed. Well, probably some experienced perl coder would
> laugh at me...

He he, we all had to start from the beginning ; )


> Hmm, I fiddled a bit around with this code but, it does not
> really work the
> way I want it to.
>
> This is what I coded:
>
> sub handler {
>         my $r = shift;
>         my($res, $sent_pw) = $r->get_basic_auth_pw;
>         return $res if $res != OK;
>
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
>         if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
>         return OK;
>         }
>         return DECLINED;
> }
>
> The get_handlers code is out of AuthenSmb as I do not have the slightest
> idea of how to get the results of the called function.
>
> What the code should do is: Call AuthSybase, check return value, if OK
> return OK, else call AuthenSMB, return return value.
>
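
The fallback chain this thread is working toward, as an added example that is not part of any poster's message or of either module: a combined handler that accepts on the first backend returning OK and otherwise fails closed with AUTH_REQUIRED. The MockRequest class, the stub backends and their constructed credentials are assumptions so the script runs without Apache; the status values match Apache::Constants under mod_perl 1.

```perl
use strict;
use warnings;

# Same numeric values Apache::Constants exports under mod_perl 1.
use constant { OK => 0, DECLINED => -1, AUTH_REQUIRED => 401 };

# Constructed credentials standing in for the SQL table and the NT domain.
my %SQL_USERS = (customer1 => 'db-secret');
my %SMB_USERS = (alice     => 'nt-secret');

# Hypothetical stand-in for the Apache request object: only the calls used here.
package MockRequest {
    sub new  { my ($class, %args) = @_; return bless {%args}, $class }
    sub user { return $_[0]{user} }
    sub get_basic_auth_pw       { return (main::OK(), $_[0]{pw}) }
    sub note_basic_auth_failure { $_[0]{failed} = 1 }
}

# Stub backend with the handler($r) calling convention discussed in the thread.
sub make_backend {
    my ($users) = @_;
    return sub {
        my $r = shift;
        my ($res, $pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;
        my $want = $users->{ $r->user };
        return DECLINED unless defined $want;       # user unknown to this backend
        return OK if defined $pw && $pw eq $want;
        $r->note_basic_auth_failure;
        return AUTH_REQUIRED;
    };
}

# Combined handler: only an explicit OK grants access. DECLINED, AUTH_REQUIRED,
# an error status or a backend that dies all mean "try the next backend".
sub combined_handler {
    my ($r, @backends) = @_;
    for my $backend (@backends) {
        my $status = eval { $backend->($r) };
        return OK if defined $status && $status == OK;
    }
    $r->note_basic_auth_failure;
    return AUTH_REQUIRED;
}

my $broken = sub { die "backend unreachable\n" };   # constructed failure case
my @chain  = ($broken, make_backend(\%SQL_USERS), make_backend(\%SMB_USERS));
for my $case (['customer1', 'db-secret'], ['alice', 'nt-secret'], ['alice', 'wrong'], ['nobody', 'x']) {
    my $r = MockRequest->new(user => $case->[0], pw => $case->[1]);
    printf "%-10s %s\n", $case->[0], combined_handler($r, @chain) == OK ? 'OK' : 'denied';
}
```

In a real handler the final status decides the response, so a backend outage or exception must never be mapped to OK; here it only moves the check on to the next backend.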


AW: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Hmm, I fiddled around a bit with this code, but it does not really work the
way I want it to.

This is what I coded:

sub handler {
        my $r = shift;
        my($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;

        $r->push_handlers( PerlAuthenHandler=> Apache::AuthSybase );
        if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
        return OK;
        }
        $r->push_handlers( PerlAuthenHandler=> Apache::AuthenSmb );
        if (@{ $r->get_handlers("PerlAuthenHandler") || []}) {
        return OK;
        }
        return DECLINED;
}

The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.

What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.

I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some experienced perl coder would
laugh at me...

Marcel


-----Original Message-----
From: Stathy G. Touloumis [mailto:stathy.touloumis@edventions.com]
Sent: Monday, 11 February 2002 23:34
To: Marcel Weber
Cc: modperl@apache.org
Subject: RE: Multiple authentication methods


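sub handler {
	my $r = shift;

	# $smbauthwhatever is a placeholder for the condition that selects SMB.
	# push_handlers takes a code reference; a bareword sub name would not do.
	if ( $smbauthwhatever ) {
		$r->push_handlers( PerlAuthenHandler=> \&Apache::AuthenSmb::handler );
	} else {
		$r->push_handlers( PerlAuthenHandler=> \&Apache::Foo::handler );
	}
}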


> I already thought of this.  But how can I call the first and second
> handler from within this "super"-handler?
>
> I'll do something like this:
>
> use Apache::AuthenSmb;
> use Apache::AuthSybase;
>
> sub handler {
> 	if (smbauthwhatever)
> ........
> 		sybaseauthwhatever
> .....
>
> }
>
> So how can I call the handler function of AuthenSmb?
>



RE: Multiple authentication methods

Posted by "Stathy G. Touloumis" <st...@edventions.com>.
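sub handler {
	my $r = shift;

	# $smbauthwhatever is a placeholder for the condition that selects SMB.
	# push_handlers takes a code reference; a bareword sub name would not do.
	if ( $smbauthwhatever ) {
		$r->push_handlers( PerlAuthenHandler=> \&Apache::AuthenSmb::handler );
	} else {
		$r->push_handlers( PerlAuthenHandler=> \&Apache::Foo::handler );
	}
}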


> I already thought of this.  But how can I call the first and second 
> handler from within this "super"-handler?
> 
> I'll do something like this:
> 
> use Apache::AuthenSmb;
> use Apache::AuthSybase;
> 
> sub handler {
> 	if (smbauthwhatever)
> ........
> 		sybaseauthwhatever
> .....
> 
> }
> 
> So how can I call the handler function of AuthenSmb?
> 


Re: Multiple authentication methods

Posted by Marcel Weber <mm...@ncpro.com>.
Hi

I already thought of this.  But how can I call the first and second 
handler from within this "super"-handler?

I'll do something like this:

use Apache::AuthenSmb;
use Apache::AuthSybase;

sub handler {
	if (smbauthwhatever)
........
		sybaseauthwhatever
.....

}

So how can I call the handler function of AuthenSmb?

Marcel





On Monday, 11 February 2002, at 22:28, C. Jon Larsen wrote:

>
> Simply write your authentication handler to try the 2nd method if the 1st
> method fails. Easy .... I have to do this with handlers that look in 2
> different tables sometimes, especially when a migration between systems is
> in place.
>
> On Mon, 11 Feb 2002, Marcel Weber wrote:
>
>> Hi
>>
>> I've got the following problem: We've got a restricted webserver area which
>> should be accessible to
>>
>> a.	our intranet users, which have a Windows NT account. For them I'd like to
>> do the authentication via AuthenSmb. I can do this perfectly against our
>> Windows 2000 DCs.
>> b. 	External customers. For them I'd like to store a user / password
>> combination in a SQL Database.
>> 	This also works successfully.
>>
>> So my question is now: How can I combine the two authentication methods?
>> Say, a directive that says, check first if the user is member of the windows
>> 2000 domain and if not, check if the user is in the database.
>>
>> I tried this with the following directive in httpd.conf:
>>
>> <Location /test>
>>    AuthName Test
>>    AuthType Basic
>>    PerlSetVar myPDC SAMBA
>>    PerlSetVar myDOMAIN ARBEITSGRUPPE
>>    PerlAuthenHandler Apache::AuthenSmb Apache::AuthSybase
>>    require valid-user
>> </Location>
>>
>> This does not work though. So is there a way to get this working? Or do I
>> have to write a module, that combines the two authentication schemes?
>>
>> Any help is welcome!
>>
>>
>> Marcel
>>
>>
>> --
>>                                      ______
>>                                     (Muuuhh)
>> Global Village Sau  ==>        ^..^ |/¯¯¯¯¯
>> (Kann Fremdsprache) ==>        (oo)
>>
>>
>
> --
>
> C. Jon Larsen Chief Technology Officer, Richweb.com (804.307.6939)
> SMTP: jlarsen@richweb.com (http://richweb.com/cjl_pgp_pub_key.txt)
>
> Richweb.com:
> Designing Open Source Internet Business Solutions since 1995
> Building Safe, Secure, Reliable Cisco-Powered Networks since 1995
>
>
>
-------------------

PGP / GPG Key:	http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc


Re: Multiple authentication methods

Posted by "C. Jon Larsen" <jl...@richweb.com>.
Simply write your authentication handler to try the 2nd method if the 1st 
method fails. Easy .... I have to do this with handlers that look in 2 
different tables sometimes, especially when a migration between systems is 
in place. 

On Mon, 11 Feb 2002, Marcel Weber wrote:

> Hi
> 
> I've got the following problem: We've got a restricted webserver area which
> should be accessible to
> 
> a.	our intranet users, which have a Windows NT account. For them I'd like to
> do the authentication 	via AuthenSmb. I can do this perfectly against our
> Windows 2000 DCs.
> b. 	External customers. For them I'd like to store a user / password
> combination in a SQL Database.
> 	This also works successfully.
> 
> So my question is now: How can I combine the two authentication methods?
> Say, a directive that says, check first if the user is member of the windows
> 2000 domain and if not, check if the user is in the database.
> 
> I tried this with the following directive in httpd.conf:
> 
> <Location /test>
>    AuthName Test
>    AuthType Basic
>    PerlSetVar myPDC SAMBA
>    PerlSetVar myDOMAIN ARBEITSGRUPPE
>    PerlAuthenHandler Apache::AuthenSmb Apache::AuthSybase
>    require valid-user
> </Location>
> 
> This does not work though. So is there a way to get this working? Or do I
> have to write a module, that combines the two authentication schemes?
> 
> Any help is welcome!
> 
> 
> Marcel
> 
> 
> --
>                                      ______
>                                     (Muuuhh)
> Global Village Sau  ==>        ^..^ |/¯¯¯¯¯
> (Kann Fremdsprache) ==>        (oo)
> 
> 

-- 

C. Jon Larsen Chief Technology Officer, Richweb.com (804.307.6939)
SMTP: jlarsen@richweb.com (http://richweb.com/cjl_pgp_pub_key.txt)

Richweb.com:
Designing Open Source Internet Business Solutions since 1995
Building Safe, Secure, Reliable Cisco-Powered Networks since 1995