Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

perl-Apache-AuthCookie-3.25-bp153.1.13 RPM for noarch

From OpenSuSE Leap 15.3 for noarch

Name: perl-Apache-AuthCookie Distribution: SUSE Linux Enterprise 15 SP3
Version: 3.25 Vendor: openSUSE
Release: bp153.1.13 Build date: Sat Mar 6 10:31:14 2021
Group: Development/Libraries/Perl Build host: sheep88
Size: 202399 Source RPM: perl-Apache-AuthCookie-3.25-bp153.1.13.src.rpm
Packager: https://bugs.opensuse.org
Url: http://search.cpan.org/dist/Apache-AuthCookie/
Summary: Perl Authentication and Authorization via cookies
*Apache::AuthCookie* allows you to intercept a user's first unauthenticated
access to a protected document. The user will be presented with a custom
form where they can enter authentication credentials. The credentials are
posted to the server where AuthCookie verifies them and returns a session
key.

The session key is returned to the user's browser as a cookie. As a cookie,
the browser will pass the session key on every subsequent accesses.
AuthCookie will verify the session key and re-authenticate the user.

All you have to do is write a custom module that inherits from AuthCookie.
Your module is a class which implements two methods:

* 'authen_cred()'

Verify the user-supplied credentials and return a session key. The session
key can be any string - often you'll use some string containing username,
timeout info, and any other information you need to determine access to
documents, and append a one-way hash of those values together with some
secret key.

* 'authen_ses_key()'

Verify the session key (previously generated by 'authen_cred()', possibly
during a previous request) and return the user ID. This user ID will be fed
to '$r->connection->user()' to set Apache's idea of who's logged in.

By using AuthCookie versus Apache's built-in AuthBasic you can design your
own authentication system. There are several benefits.

* 1.

The client doesn't *have* to pass the user credentials on every subsequent
access. If you're using passwords, this means that the password can be sent
on the first request only, and subsequent requests don't need to send this
(potentially sensitive) information. This is known as "ticket-based"
authentication.

* 2.

When you determine that the client should stop using the
credentials/session key, the server can tell the client to delete the
cookie. Letting users "log out" is a notoriously impossible-to-solve
problem of AuthBasic.

* 3.

AuthBasic dialog boxes are ugly. You can design your own HTML login forms
when you use AuthCookie.

* 4.

You can specify the domain of a cookie using PerlSetVar commands. For
instance, if your AuthName is 'WhatEver', you can put the command

 PerlSetVar WhatEverDomain .yourhost.com

into your server setup file and your access cookies will span all hosts
ending in '.yourhost.com'.

* 5.

You can optionally specify the name of your cookie using the 'CookieName'
directive. For instance, if your AuthName is 'WhatEver', you can put the
command

 PerlSetVar WhatEverCookieName MyCustomName

into your server setup file and your cookies for this AuthCookie realm will
be named MyCustomName. Default is AuthType_AuthName.

* 6.

By default users must satisfy ALL of the 'require' directives. If you want
authentication to succeed if ANY 'require' directives are met, use the
'Satisfy' directive. For instance, if your AuthName is 'WhatEver', you can
put the command

 PerlSetVar WhatEverSatisfy Any

into your server startup file and authentication for this realm will
succeed if ANY of the 'require' directives are met.

This is the flow of the authentication handler, less the details of the
redirects. Two REDIRECT's are used to keep the client from displaying the
user's credentials in the Location field. They don't really change
AuthCookie's model, but they do add another round-trip request to the
client.

 (-----------------------)     +---------------------------------+
 ( Request a protected   )     | AuthCookie sets custom error    |
 ( page, but user hasn't )---->| document and returns            |
 ( authenticated (no     )     | FORBIDDEN. Apache abandons      |
 ( session key cookie)   )     | current request and creates sub |
 (-----------------------)     | request for the error document. |<-+
                               | Error document is a script that |  |
                               | generates a form where the user |  |
                 return        | enters authentication           |  |
          ^------------------->| credentials (login & password). |  |
         / \      False        +---------------------------------+  |
        /   \                                   |                   |
       /     \                                  |                   |
      /       \                                 V                   |
     /         \               +---------------------------------+  |
    /   Pass    \              | User's client submits this form |  |
   /   user's    \             | to the LOGIN URL, which calls   |  |
   | credentials |<------------| AuthCookie->login().            |  |
   \     to      /             +---------------------------------+  |
    \authen_cred/                                                   |
     \ function/                                                    |
      \       /                                                     |
       \     /                                                      |
        \   /            +------------------------------------+     |
         \ /   return    | Authen cred returns a session      |  +--+
          V------------->| key which is opaque to AuthCookie.*|  |
                True     +------------------------------------+  |
                                              |                  |
               +--------------------+         |      +---------------+
               |                    |         |      | If we had a   |
               V                    |         V      | cookie, add   |
  +----------------------------+  r |         ^      | a Set-Cookie  |
  | If we didn't have a session|  e |T       / \     | header to     |
  | key cookie, add a          |  t |r      /   \    | override the  |
  | Set-Cookie header with this|  u |u     /     \   | invalid cookie|
  | session key. Client then   |  r |e    /       \  +---------------+
  | returns session key with   |  n |    /  pass   \               ^
  | successive requests        |    |   /  session  \              |
  +----------------------------+    |  /   key to    \    return   |
               |                    +-| authen_ses_key|------------+
               V                       \             /     False
  +-----------------------------------+ \           /
  | Tell Apache to set Expires header,|  \         /
  | set user to user ID returned by   |   \       /
  | authen_ses_key, set authentication|    \     /
  | to our type (e.g. AuthCookie).    |     \   /
  +-----------------------------------+      \ /
                                              V
         (---------------------)              ^
         ( Request a protected )              |
         ( page, user has a    )--------------+
         ( session key cookie  )
         (---------------------)


 *  The session key that the client gets can be anything you want.  For
    example, encrypted information about the user, a hash of the
    username and password (similar in function to Digest
    authentication), or the user name and password in plain text
    (similar in function to HTTP Basic authentication).

    The only requirement is that the authen_ses_key function that you
    create must be able to determine if this session_key is valid and
    map it back to the originally authenticated user ID.

Provides

Requires

License

Artistic-1.0 or GPL-1.0+

Changelog

* Wed Aug 31 2016 coolo@suse.com
  - updated to 3.25
    see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
    3.25  2016-08-30
    - 2.4: fix POD typo and add missing ABSTRACT
    - reorganize real.t tests into subtests
    - make sure signature test ignores generated files
    - remove autobox dependency
    - fix authenticate so that r->user is copied from r->main on subrequests.
      Previously this was only done for internal redirects (r->prev is defined).
      This fixes DirectoryIndexes on AuthCookie enabled directories under apache
      2.4.
* Tue Jan 19 2016 coolo@suse.com
  - updated to 3.24
    see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
    3.24  2016-01-13
    - Update Apache 2.4 README, flesh out guts of Authz Provider notes.
    - Improve Apache 2.4 README's AuthzProvider documentation
    - Add POD to Apache2_4::AuthCookie
    - Add FAQ to Apache2_4::AuthCookie documenation
    - 2.4: document that PerlAddAuthzProvider is only needed for *custom* Requires directives.
    - 2.4: make authz_handler recognize multiple usernames in the directive like
      mod_authz_user does.
    - add test case for internal authz_handler
    - explicitly require Apache::Test 1.39 so that APACHE2_4 defines are set
* Sat Dec 26 2015 coolo@suse.com
  - updated to 3.23
    see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
    3.23  2015-09-10
    - Improve CGI mode param() handling to avoi CGI.pm's "param() called in list context" warning.
    - add support for Apache 2.4 via mod_perl 1.09.
    * **** IMPORTANT *****
      Apache 2.4 has a *VERY* different API for authentication.  You will need
      to port your subclass and configuration over to the Apache 2.4 API in
      order to use Apache 2.4!  Please be sure to read README.apache-2.4.pod for
      porting instructions!
* Tue Apr 14 2015 coolo@suse.com
  - updated to 3.22
    see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
    3.22  2014-05-07
    3.21  2014-05-07
    - Bad release - deleted
* Wed Dec 18 2013 coolo@suse.com
  - updated to 3.20
    - login_form: return OK for mobile IE 10, which also ignores content for
      FORBIDDEN response.
    - test .pl registry scripts: do not try to load mod_perl.pm
    - escape html tags in destination.
    - split out CGI data handling into ::AuthCookie::Params modules
    - use Apache::Request/Apache2::Request from libapreq if available. Otherwise,
      fall back to CGI.pm for handling CGI data.
    - improve "removed cookie" debug log message
    - add dependencies: autobox, Class::Load
    - allow username to be '0'
    - login_form: return OK for SymbianOS, which ignores content for FORBIDDEN responses.
    - add login_form_status() to override HTTP status returned by login form
    - recognize_user: return DECLINED if user is not recognized
* Thu Oct 11 2012 coolo@suse.com
  - buildrequire explicitly netcfg
* Thu Oct 20 2011 tabraham@novell.com
  - update to 3.18 2011-01-24
    * remove 3.17's test skip hacks and bump Apache::Test prereq to
      v1.53 which fixes this issue
    * fix MANIFEST.SKIP to ignore genereated t/conf/mime.types
    * remove dist.inim weaver.ini from dists
    * fixed t/real.t to use correct -withtestmore import syntax
    * rename sample authcookie handlers to Sample::Apache and
      Sample::Apache2 namespaces
  - update to 3.17 2011-01-19
    * skip the test suite if running as root. Apache::Test 1.34 fails
      the test suite if running as root instead of skipping it. By
      skipping, AuthCookie can be installed via CPAN.pm as root
  - update to 3.16 2011-01-19
    * require Apache::Test 1.32 - fixes Ubuntu build issue
    * remove mod_perl/mod_perl2 related rereq's from META.yml. The
      correct mod perl version is not known until Makefile.PL is run.
      CPAN.pm should not try to install either one until it is known
      which one is appropriate. (RT 64926)
  - update to 3.15 2010-08-27
    * enable Dist::Zilla Manifest plugin
    * add FAQ
    * add FAQ entry on how to protect an entire site/document root
    * recognize_user: return DECLINED if user is already set
    * refactor P3P header generation into send_p3p($r) so subclasses
      can overload it
* Wed Dec 01 2010 coolo@novell.com
  - switch to perl_requires macro
* Wed Jun 02 2010 chris@computersalat.de
  - update to 3.14
    - MP2: doc updates: remove beta warnings, change Apache::AuthCookie to
      Apache2::Authcookie where appopriate.
    - docs: change my email to my cpan address
    - docs: remove POST limitations reference (handled by POST to GET conversion)
    - sign dist with Module::Signature
    - add signature test
    - MP1: perltidy Apache::AuthCookie sources.
    - update mod_perl2 prereq version (still 2.0.0 RC5, but version number was
      incorrect in Makefile.PL)
    - use Dist::Zilla for building the dist
  - 3.13  2010-04-12
    - removed: bad dist
  - recreated spec by cpanspec 1.78
  - noarch package
* Mon Oct 27 2008 cwh@suse.de
  Version: 3.12
    - Makefile.PL If no mod_perl version is found, just require mod_perl2.
      This makes sure that CPAN testers will get the right dependencies.
      way. Also set up PREREQ_PM properly for mod_perl version 1.
    Version: 3.11
    - Fix tiny pod doc error.
    - Escape CR and LF in 'destination' field to prevent possible XSS attack
      [Steffen Schwigon]

Files

/usr/lib/perl5/vendor_perl/5.26.1/Apache
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Autobox.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/FAQ.pod
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Params
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Params.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Params/Base.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Params/CGI.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/AuthCookie/Util.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache/README.apache-2.4.pod
/usr/lib/perl5/vendor_perl/5.26.1/Apache2
/usr/lib/perl5/vendor_perl/5.26.1/Apache2/AuthCookie
/usr/lib/perl5/vendor_perl/5.26.1/Apache2/AuthCookie.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache2/AuthCookie/Base.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache2/AuthCookie/Params.pm
/usr/lib/perl5/vendor_perl/5.26.1/Apache2_4
/usr/lib/perl5/vendor_perl/5.26.1/Apache2_4/AuthCookie.pm
/usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi
/usr/share/doc/packages/perl-Apache-AuthCookie
/usr/share/doc/packages/perl-Apache-AuthCookie/Changes
/usr/share/doc/packages/perl-Apache-AuthCookie/LICENSE
/usr/share/doc/packages/perl-Apache-AuthCookie/README
/usr/share/doc/packages/perl-Apache-AuthCookie/README.modperl2
/usr/share/doc/packages/perl-Apache-AuthCookie/scripts
/usr/share/doc/packages/perl-Apache-AuthCookie/scripts/perlbrew-smoke
/usr/share/man/man3/Apache2::AuthCookie.3pm.gz
/usr/share/man/man3/Apache2::AuthCookie::Base.3pm.gz
/usr/share/man/man3/Apache2::AuthCookie::Params.3pm.gz
/usr/share/man/man3/Apache2_4::AuthCookie.3pm.gz
/usr/share/man/man3/Apache::AuthCookie.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::Autobox.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::FAQ.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::Params.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::Params::Base.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::Params::CGI.3pm.gz
/usr/share/man/man3/Apache::AuthCookie::Util.3pm.gz
/usr/share/man/man3/Apache::README.apache-2.4.3pm.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 14:43:28 2024