Apache2::AuthenNIS - mod_perl2 NIS Authentication module

Apache2-AuthenNIS documentation Contained in the Apache2-AuthenNIS distribution.

Index

Code Index:

NAME

Top

Apache2::AuthenNIS - mod_perl2 NIS Authentication module

VERSION

Top

Version 0.14

SYNOPSIS

Top

    <Directory /foo/bar>
    # This is the standard authentication stuff
    AuthName "Foo Bar Authentication"
    AuthType Basic

    PerlAuthenHandler Apache::AuthenNIS

    # Set if you want to allow an alternate method of authentication
    PerlSetVar AllowAlternateAuth yes | no

    # Standard require stuff, NIS users or groups, and
    # "valid-user" all work OK
    require user username1 username2 ...
    require valid-user

    # The following is actually only needed when authorizing
    # against NIS groups. This is a separate module.
    PerlAuthzHandler Apache::AuthzNIS

    </Directory>

    These directives can also be used in the <Location> directive or in
    an .htaccess file.

DESCRIPTION

Top

This perl module is designed to work with mod_perl2 and the Net::NIS module by Rik Haris (rik.harris@fulcrum.com.au). Version 0.13 of Apache::AuthenNIS was renamed and modified to use mod_perl2. That module was a direct adaptation of Michael Parker's (parker@austx.tandem.com) Apache::AuthenSmb module.

The module uses Net::NIS::yp_match to retrieve the "passwd" entry from the passwd.byname map, using the supplied username as the search key. It then uses crypt() to verify that the supplied password matches the retrieved hashed password.

Parameters

PerlSetVar AllowAlternateAuth

This attribute allows you to set an alternative method of authentication (Basically, this allows you to mix authentication methods, if you don't have all users in the NIS database). It does this by returning a DECLINE and checking for the next handler, which could be another authentication, such as Apache-AuthenNTLM or basic authentication.

Functions

handler

This is the mod_perl2 handler function.

INSTALLATION

Top

To install this module, run the following commands:

    perl Build.PL
    ./Build
    ./Build test
    ./Build install

AUTHOR

Top

Demetrios E. Paneras, <dep at media.mit.edu>

Ported to mod_perl by Shannon Eric Peevey, <speeves at unt.edu>

Ported to mod_perl2 by Nguon Hao Ching, <hao at iteaha.us>

BUGS

Top

Please report any bugs or feature requests to bug-apache2-authennis at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Apache2-AuthenNIS. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT & DOCUMENTATION

Top

You can find documentation for this module with the perldoc command.

    perldoc Apache2::AuthenNIS

You can also look for information at:

* RT: CPAN's request tracker

http://rt.cpan.org/NoAuth/Bugs.html?Dist=Apache2-AuthenNIS

* AnnoCPAN: Annotated CPAN documentation

http://annocpan.org/dist/Apache2-AuthenNIS

* CPAN Ratings

http://cpanratings.perl.org/d/Apache2-AuthenNIS

* Search CPAN

http://search.cpan.org/dist/Apache2-AuthenNIS

COPYRIGHT & LICENSE

Top

Copyright (c) 1998 Demetrios E. Paneras, MIT Media Laboratory.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Apache2-AuthenNIS documentation Contained in the Apache2-AuthenNIS distribution. 
package Apache2::AuthenNIS;

use warnings;
use strict;
use Net::NIS;
use mod_perl2;

BEGIN {
    require Apache2::Const;
    require Apache2::Access;
    require Apache2::Connection;
    require Apache2::Log;
    require Apache2::RequestRec;
    require Apache2::RequestUtil;
    Apache2::Const->import(
        '-compile' => 'HTTP_UNAUTHORIZED',
                      'OK', 'HTTP_INTERNAL_SERVER_ERROR', 'DECLINED'
    );
}


our $VERSION = '0.15';



sub handler {
    my $r = shift;
    my( $res, $sent_pwd ) = $r->get_basic_auth_pw;
    return $res if $res; #decline if not Basic

    my $name = $r->user;

    my $allowaltauth = $r->dir_config( 'AllowAlternateAuth' ) || "no";

    my $domain = Net::NIS::yp_get_default_domain();
    unless( $domain ) {
        $r->note_basic_auth_failure;
        $r->log_error( __PACKAGE__, " - cannot obtain NIS domain", $r->uri );
        return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
    }

    if ( $name eq q() ) {
        $r->note_basic_auth_failure;
        $r->log_error( __PACKAGE__, " - no username given", $r->uri );
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

    my( $status, $entry ) = Net::NIS::yp_match( $domain, "passwd.byname", $name );

    if ( $status ) {
        if ( lc( $allowaltauth ) eq "yes" && $status == 5 ) {
            return Apache2::Const::DECLINED;
        }
        else {
            my $error_msg = Net::NIS::yperr_string( $status );
            $r->note_basic_auth_failure;
            $r->log_error( __PACKAGE__, " - user $name: yp_match: status ",
                           "$status, $error_msg", $r->uri );
            return Apache2::Const::HTTP_UNAUTHORIZED;
        }
    }

    my( $user, $hash, $uid, $gid, $gecos, $dir, $shell ) = split( /:/, $entry );

    if ( crypt( $sent_pwd, $hash ) eq $hash ) {
        return Apache2::Const::OK;
    } else {
        if ( lc( $allowaltauth ) eq "yes" ) {
            return Apache2::Const::DECLINED;
        }
        else {
            $r->note_basic_auth_failure;
            $r->log_error( __PACKAGE__, " - user $name: bad password", $r->uri );
            return Apache2::Const::HTTP_UNAUTHORIZED;
        }
    }

    return Apache2::Const::OK;
}


1; # End of Apache2::AuthenNIS