Send modauthtkt-users mailing list submissions to modauthtkt-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
or, via email, send a message with subject or body 'help' to
    [EMAIL PROTECTED]

You can reach the person managing the list at
    [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of modauthtkt-users digest..."

Today's Topics:

   1. Re: cookie missing for IE client but not Firefox. (Qiang Lee)
   2. Re: cookie missing for IE client but not Firefox. (Qiang Lee)
   3. Re: cookie missing for IE client but not Firefox. (Qiang Lee)
   4. Catalyst, Apache::AuthTkt, 2.0.0 final (Peter Karman)
   5. Lighthttpd anyone? (Charlie Brady)
   6. Re: Catalyst, Apache::AuthTkt, 2.0.0 final (Gavin Carr)
   7. Re: Lighthttpd anyone? (Gavin Carr)
   8. Re: Catalyst, Apache::AuthTkt, 2.0.0 final (Peter Karman)

----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Oct 2007 06:28:23 -0700 (PDT)
From: Qiang Lee <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not Firefox.
To: Michael Peters <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

--- Michael Peters <[EMAIL PROTECTED]> wrote:

> Qiang Lee wrote:
>
> > i am new to mod_auth_tkt and trying to use it for our
> > app authentication (no authz). one problem that i am
> > experiencing is that the ticket cookie doesn't get sent
> > upon successful login when using IE. it works for
> > firefox (i.e. the cookie is set on the client side).
> > has anyone had this kind of problem before?
>
> How are you creating the actual cookie? That's not done by mod_auth_tkt,
> so it's in your code somewhere. Browsers can be picky about cookies and
> the formats you use, so a cookie that might work in FF won't necessarily
> work in IE. Use something like LiveHTTPHeaders in FF to see what the
> actual cookie string looks like. And then compare that to cookies that
> you know work in IE.
>

i was reading the login.cgi that comes with mod_auth_tkt. the comment is
interesting:

    # For some reason, a Location: redirect doesn't seem to then see the cookie,
    # but a meta refresh one does - go figure
    print $q->start_html(
        -head => meta({
            -http_equiv => 'refresh',
            -content => ("0;URL=" . sprintf("%s%s%s?redirect=%s&%s=%s%s",
                $location, $mode, $suffix, $self_redirect + 1,
                $at->back_arg_name, $back_esc || '', $extra))
        }));

but i know there are countless websites that do login authentication and
then a 302 redirect to another page. i don't see why it doesn't work for
me..

> --
> Michael Peters
> Developer
> Plus Three, LP
>

------------------------------

Message: 2
Date: Fri, 12 Oct 2007 08:27:07 -0700 (PDT)
From: Qiang Lee <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not Firefox.
To: Michael Peters <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

--- Michael Peters <[EMAIL PROTECTED]> wrote:

> Qiang Lee wrote:
>
> > Set-Cookie:
> > auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D;
> > path=/; expires=Fri, 12-Oct-2007 01:39:23 GMT
>
> Why is it on multiple lines like that? Is that something you did? I was
> under the impression that 1 header meant 1 line.
>

yahoo mail wrapped it. it is on one line.

I just tried returning a meta refresh page after login, which resulted in
the cookie being lost in both FF and IE. I thought that should have worked.
here is the FF header:

http://www.example.com/app/account/process_login

POST /app/account/process_login HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com/app/account/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

back=&username=testuser&password=1234567

HTTP/1.x 200 OK
Date: Fri, 12 Oct 2007 14:11:28 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2 mod_perl/1.29
Set-Cookie: auth_tkt=NjhlM2I2Y2RkYzA4NWNmMDYxMzAzZmMyMWMyY2RmOWQ0NzBmODA5MHRlc3R1c2VyITI%3D; domain=www.example.com; path=/; expires=Thu, 01-Jan-1970 01:00:00 GMT
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
----------------------------------------------------------
http://www.example.com/

GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 302 Found
Date: Fri, 12 Oct 2007 14:11:33 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2 mod_perl/1.29
Location: http://www.example.com/app
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
http://www.example.com/app

GET /app HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 200 OK
Date: Fri, 12 Oct 2007 14:11:33 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2 mod_perl/1.29
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

------------------------------

Message: 3
Date: Fri, 12 Oct 2007 12:15:47 -0700 (PDT)
From: Qiang Lee <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not Firefox.
To: Michael Peters <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

problem is solved. it is caused by the cookie expires setup. i have it set
to '+1h' and for some reason it won't work for IE. it works okay if i set
it to +1M.

from my previous captured IE http header, it looks like it was set
correctly with 1 hour advanced to the current client GMT. problem fixed but
i haven't figured out the reason.. :(

POST /app/account/process_login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: http://www.example.com/app/account/login
Accept-Language: en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: www.example.com
Content-Length: 40
Connection: Keep-Alive
Cache-Control: no-cache

back=&username=testuser&password=1234567

HTTP/1.1 302 Found
Date: Fri, 12 Oct 2007 00:01:20 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2 mod_perl/1.29
Set-Cookie: auth_tkt=NmY4ZDFiZDZhODgxZTk0ZTkwNDIyZjU5MmRmNGMwY2Q0NzBlYjk1MXRlc3R1c2VyITI%3D; path=/; expires=Fri, 12-Oct-2007 01:01:21 GMT
Location: /app
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

--- Michael Peters <[EMAIL PROTECTED]> wrote:

> Qiang Lee wrote:
>
> > Set-Cookie:
> > auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D;
> > path=/; expires=Fri, 12-Oct-2007 01:39:23 GMT
>
> Why is it on multiple lines like that? Is that something you did? I was
> under the impression that 1 header meant 1 line.
>
> And it's not that your code will create different cookies for FF or IE.
> They will be the same HTTP header. It's that IE isn't understanding that
> HTTP header. Look at the Set-Cookie header for a cookie you know works in
> IE and compare it to this one.
>
> --
> Michael Peters
> Developer
> Plus Three, LP
>

------------------------------

Message: 4
Date: Mon, 17 Dec 2007 09:34:23 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8

Hi.

Some of my past projects have been using mod_auth_tkt now for over a year
with great success. Thanks, Gavin, for your work on this project.

I find I have some tuits now and would like to help with the following:

(a) get some Catalyst::Plugin::Authentication/Authorization code written,
tested and released.

(b) get (my previously mentioned on this list) patch to Apache::AuthTkt
integrated and released to cpan. The patch makes it possible to extract the
original values from the cookie, similar to how the C code does it.

(c) help move 2.0.0rc2 to release status.

I expect that (b) and (c) are mostly administrative at this point, barring
any other patches that are sitting in Gavin's inbox (at least, that's what
I assume, since that's how my projects work...).

Gavin - how can I help? Signs of life with your project will help increase
its longer-term viability.

pek

--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/

------------------------------

Message: 5
Date: Mon, 17 Dec 2007 10:54:04 -0500 (EST)
From: Charlie Brady <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] Lighthttpd anyone?
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

Has anyone looked at what would be involved in using authtkts with
lighttpd?
------------------------------

Message: 6
Date: Wed, 19 Dec 2007 20:39:33 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

Hi Peter,

On Mon, Dec 17, 2007 at 09:34:23AM -0600, Peter Karman wrote:
> Some of my past projects have been using mod_auth_tkt now for over a year
> with great success. Thanks, Gavin, for your work on this project.

You're very welcome. :-)

> I find I have some tuits now and would like to help with the following:

Especially if you come bearing tuits! Mine have been sorely lacking here
for some time.

> (a) get some Catalyst::Plugin::Authentication/Authorization code written,
> tested and released.

I wrote a quick CPA module called CPA::RemoteUser back in June to pull the
user from $ENV{REMOTE_USER} or $r->user. It works, and I'm using it in
production somewhere, but I ran out of time to get it cleaned up and add
Cat test cases etc. You'd be very welcome to help work on that if that's of
interest.

> (b) get (my previously mentioned on this list) patch to Apache::AuthTkt
> integrated and released to cpan. The patch makes it possible to extract
> the original values from the cookie, similar to how the C code does it.

Yes, that would be great. Could I get some test cases too?

The other patch that's extant is Michael Peter's constructor cleanups from
a little while ago. If we can get these two in I'll cut a new CPAN release.

> (c) help move 2.0.0rc2 to release status.
>
> I expect that (b) and (c) are mostly administrative at this point, barring
> any other patches that are sitting in Gavin's inbox (at least, that's what
> I assume, since that's how my projects work...).

Yep. The main thing that needs to be done is check mod_auth_tkt status
under Apache 2.2, since that's becoming pretty widespread now. I'd also
quite like to see the mod_auth_tkt test suite working for other people,
since it seems

> Gavin - how can I help? Signs of life with your project will help increase
> its longer-term viability.

Resend me your Apache::AuthTkt changes + tests?

Test mod_auth_tkt under apache 2.2 with various parameters and confirm what
works and what doesn't?

See if you can get the mod_auth_tkt test suite to work for you?

Clean up my CPA::RemoteUser for me? :-)

I'm currently using bzr for development (http://bazaar-vcs.org/), and have
dev branches for everything here:

- http://www.openfusion.com.au/bzr/cpan/Catalyst-Plugin-Authentication-RemoteUser/
- http://www.openfusion.com.au/bzr/cpan/Apache-AuthTkt/
- http://www.openfusion.com.au/bzr/mod_auth_tkt/dev/

Or I can send you tarballs of any of those and you can just send standard
patches.

Anyone else like to help?

Cheers,
Gavin

------------------------------

Message: 7
Date: Wed, 19 Dec 2007 20:40:03 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Lighthttpd anyone?
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

On Mon, Dec 17, 2007 at 10:54:04AM -0500, Charlie Brady wrote:
> Has anyone looked at what would be involved in using authtkts with
> lighttpd?

Not me, but I'd be interested.

-G

------------------------------

Message: 8
Date: Wed, 19 Dec 2007 13:25:10 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8

On 12/19/2007 03:39 AM, Gavin Carr wrote:

>> (a) get some Catalyst::Plugin::Authentication/Authorization code written,
>> tested and released.
>
> I wrote a quick CPA module called CPA::RemoteUser back in June
> to pull the user from $ENV{REMOTE_USER} or $r->user. It works,
> and I'm using it in production somewhere, but I ran out of time
> to get it cleaned up and add Cat test cases etc. You'd be very
> welcome to help work on that if that's of interest.
>

I am looking at this code now. I have the following suggestions:

(1) rename it to ::AuthTkt

(2) refactor it to check cookies, in addition to REMOTE_USER and $r->user,
using the parse_ticket() method in my Apache::AuthTkt patch. That way the
typical frontend-proxy/backend-mod_perl setup will still work, since
cookies are passed through the proxy but env vars are not.

(3) along with #2, define an API for using the token support in
mod_auth_tkt to define roles, and create compatibility with
CP::Authorization::Roles

Thoughts?

>> (b) get (my previously mentioned on this list) patch to Apache::AuthTkt
>> integrated and released to cpan. The patch makes it possible to extract
>> the original values from the cookie, similar to how the C code does it.
>
> Yes, that would be great. Could I get some test cases too?
>

definitely.

> The other patch that's extant is Michael Peter's constructor
> cleanups from a little while ago.
>

where is that patch?

>
> Resend me your Apache::AuthTkt changes + tests?
>
> Test mod_auth_tkt under apache 2.2 with various parameters
> and confirm what works and what doesn't?
>
> See if you can get the mod_auth_tkt test suite to work for
> you?
>
> Clean up my CPA::RemoteUser for me? :-)
>

I've got all the code checked out and will start work asap.

--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/

------------------------------

End of modauthtkt-users Digest, Vol 14, Issue 1
***********************************************
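
The Set-Cookie headers captured in Messages 2 and 3 can be checked mechanically. The Python below is an added example, not code from the thread or from mod_auth_tkt: it decodes each auth_tkt value using the mod_auth_tkt ticket layout (32 hex digest characters, 8 hex timestamp characters, the uid, then the '!'-separated remainder) and compares the cookie's expires attribute with the response's own Date header. The function names are invented for the example, and it assumes a browser that judges expires against its own clock, so the reported lifetime is also the amount of client clock error the cookie can absorb.

```python
import base64
import calendar
import time
from urllib.parse import unquote

# (Date header, Set-Cookie header) pairs copied from the captures in the thread.
IE_302 = ("Fri, 12 Oct 2007 00:01:20 GMT",
          "auth_tkt=NmY4ZDFiZDZhODgxZTk0ZTkwNDIyZjU5MmRmNGMwY2Q0NzBlYjk1MXRlc3R1c2VyITI%3D; "
          "path=/; expires=Fri, 12-Oct-2007 01:01:21 GMT")
FF_META = ("Fri, 12 Oct 2007 14:11:28 GMT",
           "auth_tkt=NjhlM2I2Y2RkYzA4NWNmMDYxMzAzZmMyMWMyY2RmOWQ0NzBmODA5MHRlc3R1c2VyITI%3D; "
           "domain=www.example.com; path=/; expires=Thu, 01-Jan-1970 01:00:00 GMT")


def epoch(text, fmt):
    """Convert a GMT timestamp string to Unix seconds."""
    return calendar.timegm(time.strptime(text, fmt))


def parse_ticket(cookie_value):
    """Split a base64 auth_tkt value into digest, issue time, uid and the rest."""
    raw = base64.b64decode(unquote(cookie_value)).decode("latin-1")
    uid, _, rest = raw[40:].partition("!")
    return {"digest": raw[:32], "issued": int(raw[32:40], 16),
            "uid": uid, "rest": rest}


def audit(date_header, set_cookie):
    """Report the cookie's lifetime relative to the response's Date header."""
    pair, *attrs = [part.strip() for part in set_cookie.split(";")]
    attrs = {k.lower(): v for k, _, v in (a.partition("=") for a in attrs)}
    ticket = parse_ticket(pair.partition("=")[2])
    served = epoch(date_header, "%a, %d %b %Y %H:%M:%S GMT")
    expires = epoch(attrs["expires"], "%a, %d-%b-%Y %H:%M:%S GMT")
    lifetime = expires - served  # seconds the cookie lives after the Date header
    return {"uid": ticket["uid"], "issued": ticket["issued"],
            "lifetime": lifetime,
            "expires_minus_issued": expires - ticket["issued"],
            "expired_on_arrival": lifetime <= 0}


if __name__ == "__main__":
    for label, capture in (("IE 302", IE_302), ("FF meta refresh", FF_META)):
        print(label, audit(*capture))
```

For the IE capture the expiry is exactly 3600 seconds after the timestamp inside the ticket, so a client clock running more than about an hour ahead of the server would see the cookie as already expired. The cookie in the Message 2 capture carries a 1970 expiry and is in the past at delivery on any clock.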