Apache-AuthCookieDBIRadius

DESCRIPTION

        Apache::AuthCookieDBIRadius is a module that subclasses Apache::AuthCookie 
        and is designed to be directly used for authentication in a mod_perl 
        server.

        It allows you to authenticate against a DBI database -OR- your trusted NT domains
        via a Radius server using a login webpage via AuthCookie.  

        It is a ticket-issuing system that looks up username/passwords in a DBI
        database using generic SQL and issues MD5-checksummed tickets valid for
        a configurable time period.  Incoming requests with tickets are
        checksummed and expire-time checked.

        Upon failure, it then checks a Radius server for authentication.
        (You do not need to run a Radius server to use this.  Actually, 
        Radius authentication is commented out by default.  Uncomment the
        Radius lines in AuthCookieDBIRadius.pm if you intend to use this method
        along with a DBI database.  Most won't be using this method.  You'll need to 
        get Radius authentication working first before using AuthCookieDBIRadius.
        See Apache-AuthenRadius, Authen::Radius and http://www.funk.com/radius/.)

        Included is a sample httpd.conf and login.pl for your review.

AUTHCOOKIE

        Also included is a slightly customized AuthCookie.pm based on AuthCookie 3.0.  
        Replace with your existing AuthCookie.pm for added customized error messages:

        # Please enter your username and password (default message).

        # Incorrect Password.

        # Incorrect Username (although some say this isn't a good idea, it can 
          be easily changed to Incorrect Login for the password and username).

        # ERROR! Your session has expired, or your login does not have the proper 
          access level for this webpage.

        # ERROR! Security error. Too many attempts (shared memory remembers how 
          many times the user has failed to login, locking them out after       
          X times).

        # Internal Server Error (usually from an error in the configuration.
          Error number will tell you exactly where you went wrong.) 

        # ERROR! No Password Supplied.

        # ERROR! No Username Supplied.

        # ERROR! Password did not match.
     
        # ERROR! Authentication Failure (meaning DBI and Radius failed).

Grab $TICKET from the %ENV:

$TICKET = $ENV{TICKET} || $ENV{REDIRECT_TICKET}; @split = split(/:/, $TICKET);
# userid:2000-10-04-09-50-14:2000-10-05-09-50-14:y:y:y:y:n:n:n:n:2852b07llladf # 0 = Username
# 1 = issue date
# 2 = expiration date
# 3 = activeuser
# 4 = a
# 5 = b
# 6 = c
# 7 = d
# 8 = e
# 9 = f

# 10 = g
# 10 = key

Now you can issue content based on the users access level.

DEMO

AuthCookieDBIRadius is currently in production at http://www.s1te.com/secure/.

SEE ALSO

        perldoc Apache::AuthCookieDBIRadius
        Apache::AuthCookie
        Apache::AuthCookieDBI