Send modauthtkt-users mailing list submissions to
modauthtkt-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of modauthtkt-users digest..."
Today's Topics:
1. Re: Catalyst, Apache::AuthTkt, 2.0.0 final (Gavin Carr)
2. Re: Catalyst, Apache::AuthTkt, 2.0.0 final (Peter Karman)
3. Win32 binary for mod_auth_tkt, (Andrew McGhee)
4. Re: Win32 binary for mod_auth_tkt, (Gavin Carr)
5. mod_auth_tkt port to lighttpd (Bill Lubanovic)
6. Re: mod_auth_tkt port to lighttpd (Gavin Carr)
7. Re: Catalyst, Apache::AuthTkt, 2.0.0 final (Peter Karman)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Dec 2007 09:43:51 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
On Wed, Dec 19, 2007 at 01:25:10PM -0600, Peter Karman wrote:
> On 12/19/2007 03:39 AM, Gavin Carr wrote:
>
> >> (a) get some Catalyst::Plugin::Authentication/Authorization code written,
> >> tested and released.
> >
> > I wrote a quick CPA module called CPA::RemoteUser back in June
> > to pull the user from $ENV{REMOTE_USER} or $r->user. It works,
> > and I'm using it in production somewhere, but I ran out of time
> > to get it cleaned up and add Cat test cases etc. You'd be very
> > welcome to help work on that if that's of interest.
> >
>
> I am looking at this code now. I have the following suggestions:
>
> (1) rename it to ::AuthTkt
> (2) refactor it to check cookies, in addition to REMOTE_USER and $r->user,
> using the
> parse_ticket() method in my Apache::AuthTkt patch. That way the typical
> frontend-proxy/backend-mod_perl setup will still work, since cookies are
> passed through
> the proxy but env vars are not.
> (3) along with #2, define an API for using the token support in mod_auth_tkt
> to define
> roles, and create compatibility with CP::Authorization::Roles
>
> Thoughts?
They're good suggestions, but I'd probably keep CPA::RemoteUser and add
CPA::AuthTkt separately (perhaps subclassed, if that was to make sense).
I'm thinking REMOTE_USER support is useful generically and is often
sufficient for many uses.
> >> (b) get (my previously mentioned on this list) patch to Apache::AuthTkt
> >> integrated and
> >> released to cpan. The patch makes it possible to extract the original
> >> values from the
> >> cookie, similar to how the C code does it.
> >
> > Yes, that would be great. Could I get some test cases too?
> >
>
> definitely.
>
> > The other patch that's extant is Michael Peter's constructor
> > cleanups from a little while ago.
> >
>
> where is that patch?
I've just double checked it and the functionality Michael was after
is already in the current version (barring debug, which I've just
added - you might want to update).
> > Resend me your Apache::AuthTkt changes + tests?
> >
> > Test mod_auth_tkt under apache 2.2 with various parameters
> > and confirm what works and what doesn't?
> >
> > See if you can get the mod_auth_tkt test suite to work for
> > you?
> >
> > Clean up my CPA::RemoteUser for me? :-)
> >
>
> I've got all the code checked out and will start work asap.
Cool!
Cheers,
Gavin
------------------------------
Message: 2
Date: Fri, 21 Dec 2007 21:44:39 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
Gavin Carr wrote on 12/19/07 4:43 PM:
> On Wed, Dec 19, 2007 at 01:25:10PM -0600, Peter Karman wrote:
>> On 12/19/2007 03:39 AM, Gavin Carr wrote:
>>
>>>> (a) get some Catalyst::Plugin::Authentication/Authorization code written,
>>>> tested and released.
>>> I wrote a quick CPA module called CPA::RemoteUser back in June
>>> to pull the user from $ENV{REMOTE_USER} or $r->user. It works,
>>> and I'm using it in production somewhere, but I ran out of time
>>> to get it cleaned up and add Cat test cases etc. You'd be very
>>> welcome to help work on that if that's of interest.
>>>
>> I am looking at this code now. I have the following suggestions:
>>
>> (1) rename it to ::AuthTkt
>> (2) refactor it to check cookies, in addition to REMOTE_USER and $r->user,
>> using the
>> parse_ticket() method in my Apache::AuthTkt patch. That way the typical
>> frontend-proxy/backend-mod_perl setup will still work, since cookies are
>> passed through
>> the proxy but env vars are not.
>> (3) along with #2, define an API for using the token support in
>> mod_auth_tkt to define
>> roles, and create compatibility with CP::Authorization::Roles
>>
>> Thoughts?
>
> They're good suggestions, but I'd probably keep CPA::RemoteUser and add
> CPA::AuthTkt separately (perhaps subclassed, if that was to make sense).
> I'm thinking REMOTE_USER support is useful generically and is often
> sufficient for many uses.
>
>
sounds good. I verified with Cat core folks that there isn't already a
REMOTE_USER-checking auth plugin in the works. I'll work on cleaning up
::RemoteUser with an eye for making it easy to subclass in ::AuthTkt.
>>>> (b) get (my previously mentioned on this list) patch to Apache::AuthTkt
>>>> integrated and
>>>> released to cpan. The patch makes it possible to extract the original
>>>> values from the
>>>> cookie, similar to how the C code does it.
>>> Yes, that would be great. Could I get some test cases too?
>>>
>> definitely.
>>
>>> The other patch that's extant is Michael Peter's constructor
>>> cleanups from a little while ago.
>>>
>> where is that patch?
>
> I've just double checked it and the functionality Michael was after
> is already in the current version (barring debug, which I've just
> added - you might want to update).
will do.
>
>>> Resend me your Apache::AuthTkt changes + tests?
>>>
>>> Test mod_auth_tkt under apache 2.2 with various parameters
>>> and confirm what works and what doesn't?
>>>
>>> See if you can get the mod_auth_tkt test suite to work for
>>> you?
>>>
>>> Clean up my CPA::RemoteUser for me? :-)
>>>
>> I've got all the code checked out and will start work asap.
>
asap turns out to be early Jan 08. :)
--
Peter Karman . http://peknet.com/ . [EMAIL PROTECTED]
------------------------------
Message: 3
Date: Fri, 04 Jan 2008 11:31:15 +1000
From: "Andrew McGhee" <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] Win32 binary for mod_auth_tkt,
To: <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Is there a current mod_auth_tkt binary available for the win32
platform?
Or - is there a recommended approach or advice to compiling and using
mod_auth_tkt on a windows platform?
Many thanks in advance.
Andrew
*****************************************************************
This email, including any attachments sent with it, is
confidential and for the sole use of the intended recipient(s).
This confidentiality is not waived or lost, if you receive it and
you are not the intended recipient(s), or if it is transmitted/
received in error.
Any unauthorised use, alteration, disclosure, distribution or
review of this email is strictly prohibited. The information
contained in this email, including any attachment sent with
it, may be subject to a statutory duty of confidentiality if it
relates to health service matters.
If you are not the intended recipient(s), or if you have
received this email in error, you are asked to immediately
notify the sender by telephone collect on Australia
+61 1800 198 175 or by return email. You should also
delete this email, and any copies, from your computer
system network and destroy any hard copies produced.
If not an intended recipient of this email, you must not copy,
distribute or take any action(s) that relies on it; any form of
disclosure, modification, distribution and/or publication of this
email is also prohibited.
Although Queensland Health takes all reasonable steps to
ensure this email does not contain malicious software,
Queensland Health does not accept responsibility for the
consequences if any person's computer inadvertently suffers
any disruption to services, loss of information, harm or is
infected with a virus, other malicious computer programme or
code that may occur as a consequence of receiving this
email.
Unless stated otherwise, this email represents only the views
of the sender and not the views of the Queensland Government.
****************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 4
Date: Sat, 5 Jan 2008 08:15:18 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Win32 binary for mod_auth_tkt,
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Hi Andrew,
On Fri, Jan 04, 2008 at 11:31:15AM +1000, Andrew McGhee wrote:
> Is there a current mod_auth_tkt binary available for the win32
> platform?
>
> Or - is there a recommended approach or advice to compiling and using
> mod_auth_tkt on a windows platform?
I'm not aware of anyone who's used mod_auth_tkt on win32, so
you're venturing into uncharted waters.
I'd be happy for you to give it a try, of course. ;-)
Cheers,
Gavin
------------------------------
Message: 5
Date: Thu, 10 Jan 2008 14:13:10 -0600
From: Bill Lubanovic <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] mod_auth_tkt port to lighttpd
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Mars Agliullin has ported mod_auth_tkt to lighttpd:
http://trac.lighttpd.net/trac/attachment/ticket/426/mod_auth_tkt.tar.gz
Here are a few lines from the readme file:
------
mod_auth_tkt provides secure cookie-based authentification for Lighttpd.
It is a port of Apache module of the same name.
Basically it works as follows:
1) User tries to access a restricted URI
2) mod_auth_tkt checks if the request contains a valid ticket in a cookie
with predetermined name. If not, module redirects the user to login URI
setting reference to the original page via URI parameter or another cookie
3) At the login URI the user is authentified and is given a ticket
4) Original page can be accessed as long as ticket is valid and not expired
5) Valid ticket is periodically refreshed on subsequent requests of protected
pages
More information may be found at the homepage of the original Apache module:
http://www.openfusion.com.au/labs/mod_auth_tkt
The module was tested against lighttpd 1.4.11, 1.4.18 on Ubuntu 6.06 and Cygwin.
------
Bill Lubanovic
------------------------------
Message: 6
Date: Sun, 13 Jan 2008 18:29:43 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] mod_auth_tkt port to lighttpd
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
On Thu, Jan 10, 2008 at 02:13:10PM -0600, Bill Lubanovic wrote:
> Mars Agliullin has ported mod_auth_tkt to lighttpd:
>
> http://trac.lighttpd.net/trac/attachment/ticket/426/mod_auth_tkt.tar.gz
Cool! Anyone had a chance to play with it yet? Does the author have a
page up for it do you know Bill?
Cheers,
Gavin
------------------------------
Message: 7
Date: Tue, 15 Jan 2008 15:45:36 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Catalyst, Apache::AuthTkt, 2.0.0 final
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8
(1) Apache::AuthTkt 0.07 is now on CPAN with the parse_ticket() method added.
Thanks to
Gaven for expediting that feature.
(2) Catalyst::Plugin::Authentication::AuthTkt was just uploaded to CPAN. It uses
Apache::AuthTkt to authenticate and authorize Catalyst requests.
(3) I'll be helping to move 2.0.0 to a final release in the Near Future(tm).
cheers,
pek
--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/
------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
------------------------------
_______________________________________________
modauthtkt-users mailing list
modauthtkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
End of modauthtkt-users Digest, Vol 15, Issue 1
***********************************************
