Send modauthtkt-users mailing list submissions to
modauthtkt-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
or, via email, send a message with subject or body 'help' to
modauthtkt-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
modauthtkt-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of modauthtkt-users digest..."
Today's Topics:
1. mod_auth_tkt ported to Apache 2.4 (BERG Dietmar)
2. BasicAuth auto-login for seb-services (Charles Bueche)
3. Beta release for Apache 2.4 (Gavin Carr)
4. Re: Beta release for Apache 2.4 (Charlie Brady)
5. Re: Beta release for Apache 2.4 (Gavin Carr)
6. Re: Beta release for Apache 2.4 (Charlie Brady)
7. Expiry check is missing in Apache::AuthTkt->validate_ticket
(Charlie Brady)
8. Re: Expiry check is missing in
Apache::AuthTkt->validate_ticket (Peter Karman)
----------------------------------------------------------------------
Message: 1
Date: Tue, 7 Apr 2015 20:34:56 +0200
From: BERG Dietmar <dietmar.b...@thalesgroup.com>
Subject: [modauthtkt-users] mod_auth_tkt ported to Apache 2.4
To: "modauthtkt-users@lists.sourceforge.net"
<modauthtkt-users@lists.sourceforge.net>
Message-ID:
<470b78b9f64d0941a121616858fcb829fe106ad...@thsonea01cms02p.one.grp>
Content-Type: text/plain; charset="us-ascii"
Hi folks,
there is relief coming for those with Ubunto 14 LTS and Apache 2.4!
I have just posted a PULL request on GitHub with a version of mod_auth_tkt that
supports Apache 2.4:
https://github.com/gavincarr/mod_auth_tkt/pull/13
Thanks Gavin for this wonderful piece of software which we have been using for
quite a few years now.
Regards,
Dietmar
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 2
Date: Wed, 24 Jun 2015 14:06:20 +0200
From: "Charles Bueche" <cbli...@bueche.ch>
Subject: [modauthtkt-users] BasicAuth auto-login for seb-services
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <d0c6c12b-da12-4f0a-92d3-51ff9d9f4...@bueche.ch>
Content-Type: text/plain; format=flowed
Hi everyone,
I do have a mod_auth_tkt running fine in front of a reverse-proxy, with
the HTML login page and login script talking to some LDAP server. All ok
for humans, but to use the same URL's from web-services is hard, with
the two-step auth (get a ticket 1st, then go again).
Would it be possible to have a basicAuth config creating a valid ticket
on the fly when needed ?
TIA,
Charles
--
Charles Bueche
netnea AG
079 330 00 70
bue...@netnea.com
------------------------------
Message: 3
Date: Fri, 31 Jul 2015 16:38:04 +1000
From: Gavin Carr <ga...@openfusion.com.au>
Subject: [modauthtkt-users] Beta release for Apache 2.4
To: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID: <20150731063804.gc5...@openfusion.com.au>
Content-Type: text/plain; charset=us-ascii
Hi longsuffering mod_auth_tkt users,
I've finally found some tuits to catch up on some of my mod_auth_tkt
backlog, and have released a new beta that includes apache 2.4
compatibility, based on patches from Ivo De Decker, Peter Karman, and
Deitmar Berg.
It also includes a new TKTAuthGuestEmpty directive from Scott
Shambarger, and some small fixes by him and Bernard Hibbins.
It doesn't yet include Deitmar's patches to have mod_auth_tkt act as a
2.4 authz provider, so we can use 'Require tkt-group' instead of the
current TKTAuthToken. I plan to look at that next.
The beta is called 2.3.99b1, and is now available on github:
https://github.com/gavincarr/mod_auth_tkt/releases
Thanks to everyone for their contributions!
Cheers,
Gavin
------------------------------
Message: 4
Date: Fri, 31 Jul 2015 09:08:33 -0400 (EDT)
From: Charlie Brady <charlieb-modauth...@budge.apana.org.au>
Subject: Re: [modauthtkt-users] Beta release for Apache 2.4
To: Gavin Carr <ga...@openfusion.com.au>
Cc: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID:
<pine.lnx.4.64.1507310907270.10...@e-smith.charliebrady.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 31 Jul 2015, Gavin Carr wrote:
> I've finally found some tuits to catch up on some of my mod_auth_tkt
> backlog, and have released a new beta that includes apache 2.4
> compatibility, based on patches from Ivo De Decker, Peter Karman, and
> Deitmar Berg.
Thanks Gavin!
Have you, or anyone else, looked at porting mod_auth_tkt to nginx?
------------------------------
Message: 5
Date: Sat, 1 Aug 2015 12:08:58 +1000
From: Gavin Carr <ga...@openfusion.com.au>
Subject: Re: [modauthtkt-users] Beta release for Apache 2.4
To: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID: <20150801020858.ga4...@openfusion.com.au>
Content-Type: text/plain; charset=us-ascii
Hi Charlie,
I'm not aware of any nginx port, unfortunately.
Cheers,
Gavin
On Fri, Jul 31, 2015 at 09:08:33AM -0400, Charlie Brady wrote:
> On Fri, 31 Jul 2015, Gavin Carr wrote:
> > I've finally found some tuits to catch up on some of my mod_auth_tkt
> > backlog, and have released a new beta that includes apache 2.4
> > compatibility, based on patches from Ivo De Decker, Peter Karman, and
> > Deitmar Berg.
> Thanks Gavin!
> Have you, or anyone else, looked at porting mod_auth_tkt to nginx?
------------------------------
Message: 6
Date: Tue, 4 Aug 2015 11:58:00 -0400 (EDT)
From: Charlie Brady <charlieb-modauth...@budge.apana.org.au>
Subject: Re: [modauthtkt-users] Beta release for Apache 2.4
To: Gavin Carr <ga...@openfusion.com.au>
Cc: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID:
<pine.lnx.4.64.1508041153170.11...@e-smith.charliebrady.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 1 Aug 2015, Gavin Carr wrote:
> Hi Charlie,
>
> I'm not aware of any nginx port, unfortunately.
OK, thanks.
I've found a tutorial which might be helpful, for someone taking on this
challenge:
https://www.airpair.com/nginx/extending-nginx-tutorial
The tutorial just happens to walk through the creation of a module which
does ticket based authentication. Nice!
>
> Cheers,
> Gavin
>
>
> On Fri, Jul 31, 2015 at 09:08:33AM -0400, Charlie Brady wrote:
>
> > On Fri, 31 Jul 2015, Gavin Carr wrote:
>
> > > I've finally found some tuits to catch up on some of my mod_auth_tkt
> > > backlog, and have released a new beta that includes apache 2.4
> > > compatibility, based on patches from Ivo De Decker, Peter Karman, and
> > > Deitmar Berg.
>
> > Thanks Gavin!
>
> > Have you, or anyone else, looked at porting mod_auth_tkt to nginx?
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> modauthtkt-users mailing list
> modauthtkt-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
>
------------------------------
Message: 7
Date: Wed, 11 Jan 2017 11:03:14 -0500 (EST)
From: Charlie Brady <charlieb-modauth...@budge.apana.org.au>
Subject: [modauthtkt-users] Expiry check is missing in
Apache::AuthTkt->validate_ticket
To: modauthtkt-users@lists.sourceforge.net
Message-ID:
<pine.lnx.4.64.1701111055560.15...@e-smith.charliebrady.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
I've been asked for more logging in my logout script, so I'm not looking
for missing cookies, cookies set to 'probe' and current and expired
cookies. From what I can see, there is nothing in the API for checking
expiry - unlike in the C code in mod_auth_tkt.
http://search.cpan.org/~gavinc/Apache-AuthTkt-2.1/AuthTkt.pm#TICKET_PARSING_AND_VALIDATION
talks about ticket validation, but it doesn't provide any details about
what is valid and what is invalid.
I also see from
https://rt.cpan.org/Public/Bug/Display.html?id=98991
that there are problems with validate_ticket() when either of the shaX
hashes are used.
------------------------------
Message: 8
Date: Wed, 11 Jan 2017 22:49:08 -0600
From: Peter Karman <pe...@peknet.com>
Subject: Re: [modauthtkt-users] Expiry check is missing in
Apache::AuthTkt->validate_ticket
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <a8811886-1d86-c0cc-378f-7e0338e22...@peknet.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Charlie Brady wrote on 1/11/17 10:03 AM:
>
> I've been asked for more logging in my logout script, so I'm not looking
> for missing cookies, cookies set to 'probe' and current and expired
> cookies. From what I can see, there is nothing in the API for checking
> expiry - unlike in the C code in mod_auth_tkt.
>
> http://search.cpan.org/~gavinc/Apache-AuthTkt-2.1/AuthTkt.pm#TICKET_PARSING_AND_VALIDATION
>
> talks about ticket validation, but it doesn't provide any details about
> what is valid and what is invalid.
>
You are correct. Ticket expiration logic is currently required outside the
library. Here's one example:
https://github.com/karpet/catalyst-authentication-authtkt/blob/master/lib/Catalyst/Authentication/Store/AuthTkt.pm#L195
--
Peter Karman . https://peknet.com/ . https://keybase.io/peterkarman
------------------------------
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
------------------------------
_______________________________________________
modauthtkt-users mailing list
modauthtkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
End of modauthtkt-users Digest, Vol 31, Issue 2
***********************************************
