This is Info file pm.info, produced by Makeinfo version 1.68 from the input file bigpm.texi. File: pm.info, Node: Apache/AuthenNIS, Next: Apache/AuthenPasswd, Prev: Apache/AuthenLDAP, Up: Module List mod_perl NIS Authentication module ********************************** NAME ==== Apache::AuthenNIS - mod_perl NIS Authentication module SYNOPSIS ======== # This is the standard authentication stuff AuthName "Foo Bar Authentication" AuthType Basic PerlAuthenHandler Apache::AuthenNIS # Standard require stuff, NIS users or groups, and # "valid-user" all work OK require user username1 username2 ... require group groupname1 groupname2 ... # [Need Apache::AuthzNIS] require valid-user # The following is actually only needed when authorizing # against NIS groups. This is a separate module. PerlAuthzHandler Apache::AuthzNIS These directives can also be used in the directive or in an .htaccess file. DESCRIPTION =========== This perl module is designed to work with mod_perl and the Net::NIS module by Rik Haris (*rik.harris@fulcrum.com.au*). It is a direct adaptation (i.e. I modified the code) of Michael Parker's (*parker@austx.tandem.com*) Apache::AuthenSmb module. The module uses Net::NIS::yp_match to retrieve the "passwd" entry from the passwd.byname map, using the supplied username as the search key. It then uses crypt() to verify that the supplied password matches the retrieved hashed password. Apache::AuthenNIS vs. Apache::AuthzNIS -------------------------------------- I've taken "authentication" to be meaningful only in terms of a user and password combination, not group membership. This means that you can use Apache::AuthenNIS with the *require user* and *require valid-user* directives. In the NIS context I consider *require group* to be an "authorization" concern. I.e., Group authorization consists of establishing whether the already authenticated user is a member of one of the indicated groups in the *require group* directive. This process may be handled by *Apache::AuthzNIS*. I welcome any feedback on this module, esp. code improvements, given that it was written hastily, to say the least. AUTHOR ====== Demetrios E. Paneras COPYRIGHT ========= Copyright (c) 1998 Demetrios E. Paneras, MIT Media Laboratory. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthenPasswd, Next: Apache/AuthenPasswdSrv, Prev: Apache/AuthenNIS, Up: Module List mod_perl passwd Authentication module ************************************* NAME ==== Apache::AuthenPasswd - mod_perl passwd Authentication module SYNOPSIS ======== # This is the standard authentication stuff AuthName "Foo Bar Authentication" AuthType Basic PerlAuthenHandler Apache::AuthenPasswd # Standard require stuff, /etc/passwd users or /etc/group groups, and # "valid-user" all work OK require user username1 username2 ... require group groupname1 groupname2 ... # [Need Apache::AuthzPasswd] require valid-user # The following is actually only needed when authorizing # against /etc/group. This is a separate module. PerlAuthzHandler Apache::AuthzPasswd These directives can also be used in the directive or in an .htaccess file. DESCRIPTION =========== This perl module is designed to work with mod_perl. It is a direct adaptation (i.e. I modified the code) of Michael Parker's (*parker@austx.tandem.com*) Apache::AuthenSmb module. The module uses getpwnam to retrieve the *passwd* entry from the */etc/passwd* file, using the supplied username as the search key. It then uses crypt() to verify that the supplied password matches the retrieved hashed password. Apache::AuthenPasswd vs. Apache::AuthzPasswd -------------------------------------------- I've taken "authentication" to be meaningful only in terms of a user and password combination, not group membership. This means that you can use Apache::AuthenPasswd with the *require user* and *require valid-user* directives. In the /etc/passwd and /etc/group context I consider *require group* to be an "authorization" concern. I.e., group authorization consists of establishing whether the already authenticated user is a member of one of the indicated groups in the *require group* directive. This process may be handled by *Apache::AuthzPasswd*. Admittedly, AuthzPasswd is a misnomer, but I wanted to keep AuthenPasswd and AuthzPasswd related, if only by name. I welcome any feedback on this module, esp. code improvements, given that it was written hastily, to say the least. AUTHOR ====== Demetrios E. Paneras COPYRIGHT ========= Copyright (c) 1998 Demetrios E. Paneras, MIT Media Laboratory. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthenPasswdSrv, Next: Apache/AuthenRadius, Prev: Apache/AuthenPasswd, Up: Module List mod_perl Authen Handler *********************** NAME ==== *Apache::AuthenPasswdSrv* - mod_perl Authen Handler SYNOPSIS ======== PerlAuthenHandler Apache::AuthenPasswdSrv->handler() REQUIRES ======== Perl5.004_04, mod_perl 1.15 DESCRIPTION =========== *Apache::AuthenPasswdSrv* is a mod_perl Authentication handler that checks a users credentials against a domain socket server. The included server, *passwd_srv.pl*, checks a username and password against an NIS database using Net::NIS and ypmatch. This release is very alpha. The server protocol is not documented and transaction format will change. The system has been running under light load at my office for about a month now, and no problems are know with the current release. TODO ==== *Module Configuration* Break out module configuration into PerlSetVar statements. *NIS Server Configuration* Figure out MakeMaker enough to auto-configure paths in password server. Documentation Write up Server Protocol documentation. Write a better POD file for the module. *Module/Server Structure* Build class structure for password service client. Add security so client/server can be used with standard IP sockets. Build class structure for server. Build other example servers. ACKNOWLEDGEMENTS ================ Thanks to Premier1 Internet Service, Inc. for allowing me to work on this module during work hours and paying me to muck with Perl. AUTHOR ====== Jeffrey Hulten, jeffh@premier1.net SEE ALSO ======== mod_perl(1). File: pm.info, Node: Apache/AuthenRadius, Next: Apache/AuthenSecurID, Prev: Apache/AuthenPasswdSrv, Up: Module List Authentication via a Radius server ********************************** NAME ==== Apache::AuthenRadius - Authentication via a Radius server SYNOPSIS ======== # Configuration in httpd.conf PerlModule Apache::AuthenRadius # Authentication in .htaccess AuthName Radius AuthType Basic # authenticate via Radius PerlAuthenHandler Apache::AuthenRadius PerlSetVar Auth_Radius_host radius.foo.com PerlSetVar Auth_Radius_port 1647 PerlSetVar Auth_Radius_secret MySharedSecret PerlSetVar Auth_Radius_timeout 5 require valid-user DESCRIPTION =========== This module allows authentication against a Radius server. LIST OF TOKENS ============== * Auth_Radius_host The Radius server host: either its name or its dotted quad IP number. The parameter is passed as the PeerHost option to IO::Socket::INET->new. * Auth_Radius_port The port on which the Radius server is listening: either its service name or its actual port number. This parameter defaults to "1647" which is the official service name for Radius servers. The parameter is passed as the PeerPort option to IO::Socket::INET->new. * Auth_Radius_secret The shared secret for connection to the Radius server. * Auth_Radius_timeout The timeout in seconds to wait for a response from the Radius server. CONFIGURATION ============= The module should be loaded upon startup of the Apache daemon. Add the following line to your httpd.conf: PerlModule Apache::AuthenRadius PREREQUISITES ============= For AuthenRadius you need to enable the appropriate call-back hook when making mod_perl: perl Makefile.PL PERL_AUTHEN=1 SEE ALSO ======== *Note Apache: Apache,, `mod_perl' in this node, `Authen::Radius' in this node AUTHORS ======= * mod_perl by Doug MacEachern * Authen::Radius by Carl Declerck * Apache::AuthenRadius by Daniel Sully COPYRIGHT ========= The Apache::AuthenRadius module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthenSecurID, Next: Apache/AuthenSmb, Prev: Apache/AuthenRadius, Up: Module List Authentication via a SecurID server *********************************** NAME ==== Apache::AuthenSecurID - Authentication via a SecurID server SYNOPSIS ======== # Configuration in httpd.conf PerlModule Apache::AuthenSecurID # Authentication in .htaccess AuthName SecurID AuthType Basic # authenticate via SecurID PerlAuthenHandler Apache::AuthenSecurID PerlSetVar Auth_SecurID_VAR_ACE /ace/config/directory PerlSetVar AuthCookie Name_of_Authentication_Cookie PerlSetVar AuthCookiePath /path/of/authentication/cookie require valid-user DESCRIPTION =========== This module allows authentication against a SecurID server. If authentication is successful it sets a cookie with a MD5 hash token. The token expires at midnight local time. LIST OF TOKENS ============== * Auth_SecurID_VAR_ACE The location of the `sdconf.rec' file. It defaults to the directory `/var/ace' if this variable is not set. * AuthCookie The name of the of cookie to be set for the authenticaion token. It defaults to the `SecurID' if this variable is not set. * AuthCookiePath The path of the of cookie to be set for the authenticaion token. It defaults to / if this variable is not set. CONFIGURATION ============= The module should be loaded upon startup of the Apache daemon. Add the following line to your httpd.conf: PerlModule Apache::AuthenSecurID PREREQUISITES ============= For AuthenSecurID you need to enable the appropriate call-back hook when making mod_perl: perl Makefile.PL PERL_AUTHEN=1 SEE ALSO ======== *Note Apache: Apache,, `mod_perl' in this node, `Authen::SecurID' in this node AUTHORS ======= * mod_perl by Doug MacEachern * Authen::ACE by Dave Carrigan * Apache::AuthenSecurID by David Berk COPYRIGHT ========= The Apache::AuthenSecurID module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthenSmb, Next: Apache/AuthenURL, Prev: Apache/AuthenSecurID, Up: Module List mod_perl NT Authentication module ********************************* NAME ==== Apache::AuthenSMB - mod_perl NT Authentication module SYNOPSIS ======== # This is the standard authentication stuff AuthName "Foo Bar Authentication" AuthType Basic # Variables you need to set, you must set at least # the myPDC variable, the DOMAIN defaults to WORKGROUP PerlSetVar myPDC workgroup-pdc PerlSetVar myBDC workgroup-bdc PerlSetVar myDOMAIN WORKGROUP PerlAuthenHandler Apache::AuthenSmb # Standard require stuff, only user and # valid-user work currently require valid-user These directives can be used in a .htaccess file as well. If you wish to use your own PerlAuthzHandler then the require directive should follow whatever handler you use. DESCRIPTION =========== This perl module is designed to work with mod_perl and the Authen::Smb module by Patrick Michael Kane (See CPAN). You need to set your PDC, BDC, and NT domain name for the script to function properly. You MUST set a PDC, if no BDC is set it defaults to the PDC, if no DOMAIN is set it defaults to WORKGROUP. If you are using this module please let me know, I'm curious how many people there are that need this type of functionality. AUTHOR ====== Michael Parker COPYRIGHT ========= Copyright (c) 1998 Michael Parker, Tandem Computers. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthenURL, Next: Apache/AuthzCache, Prev: Apache/AuthenSmb, Up: Module List authenticates via another URL ***************************** NAME ==== Apache::AuthenURL - authenticates via another URL SYNOPSIS ======== #in .htaccess AuthName MyHTTPAuth AuthType Basic PerlAuthenHandler Apache::AuthenCache Apache::AuthenURL::handler Apache::AuthenCache::manage_cache PerlSetVar AuthenURL_method HEAD # a valid LWP method PerlSetVar AuthenURL_url https://somehost PerlSetVar AuthenCache_cache_time Options Indexes FollowSymLinks ExecCGI require valid-user DESCRIPTION =========== I wrote this module to work around the lack of DCE support for Solaris x86. DCE authentication in my application is handled using Gradient's DCE plug-in for Netscape Enterprise Server. The request is encrypted using SSL. ACKNOWLEDGEMENTS ================ The cache code was heavily borrowed from Apache::AuthenDBI by Edmund Mergl , but now has been stripped out in favor of the more general solution in Apache::AuthenCache by Jason Bodnar . SEE ALSO ======== mod_perl(1), Apache::AuthenCache(3), LWP(3) AUTHOR ====== John Groenveld COPYRIGHT ========= This package is Copyright (C) 1998 by John Groenveld. It may be copied, used and redistributed under the same terms as perl itself. File: pm.info, Node: Apache/AuthzCache, Next: Apache/AuthzDBI, Prev: Apache/AuthenURL, Up: Module List mod_perl Cache Authorization Module *********************************** NAME ==== Apache::AuthzCache - mod_perl Cache Authorization Module SYNOPSIS ======== # Authorization Realm and Type (only Basic supported) AuthName "Foo Bar Authentication" AuthType Basic # Any of the following variables can be set. # Defaults are listed to the right. PerlSetVar AuthzCache_CaseSensitive Off # Default: On PerlSetVar AuthzCache_Timeout 60 # Default: Empty String ("") PerlAuthzHandler Apache::AuthzCache Apache::AuthzCache::manage_cache require group "My Group" GroupA "Group B" # Authorize user against # multiple groups DESCRIPTION =========== *Apache::AuthzCache* is designed to work with a mod_perl authorization module to provide caching of group membership for site users. For a list of mod_perl authorization modules see: http://www.cpan.org/modules/by-module/Apache/apache-modlist.html When a request that requires authorization is received, Apache::AuthzCache looks up the REMOTE_USER in a shared-memory cache (using IPC::Cache) and compares the list of groups in the cache against the groups enumerated within the "require" configuration directive. If a match is found, the handler returns OK and clears the downstream Authz handlers from the stack. Otherwise, it returns DECLINED and allows the next PerlAuthzHandler in the chain to be called. After the primary authorization handler completes with an OK, Apache::AuthzCache::manage_cache adds the new group (listed in REMOTE_GROUP) to the cache. CONFIGURATION OPTIONS ===================== The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files. AuthzCache_CaseSensitive If this directive is set to 'Off', group matches will be case insensitive. AuthzCache_Timeout The time with which a user's entry within the cache will remain, measured in minutes. NOTES ===== This module requires that the primary authorization handler set the REMOTE_GROUP environment variable with the group to which the user successfully was authorized. This module also has a workaround to the bugs in the set_handlers() method of mod_perl versions prior to 1.26. If mod_perl-1.26 or higher is detected, AuthzCache will use set_handlers to clear the downstream Authz handlers from the stack. Otherwise, it will write notes to downstream handlers. At the time of publication, the only primary authorization handler established to both set the REMOTE_GROUP and read the notes left by AuthzCache is Apache::AuthzLDAP. AUTHORS ======= Christian Gilmore See ALSO ======== httpd(8) COPYRIGHT ========= Copyright (C) 2001, International Business Machines Corporation and others. All Rights Reserved. This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License. File: pm.info, Node: Apache/AuthzDBI, Next: Apache/AuthzLDAP, Prev: Apache/AuthzCache, Up: Module List Authorization via Perl's DBI **************************** NAME ==== Apache::AuthzDBI - Authorization via Perl's DBI SYNOPSIS ======== # Configuration in httpd.conf or srm.conf: PerlModule Apache::AuthzDBI # Authorization in .htaccess: AuthName DBI AuthType Basic #authorize via DBI PerlAuthzHandler Apache::AuthzDBI PerlSetVar Auth_DBI_data_source dbi:driver:dsn PerlSetVar Auth_DBI_username db_username PerlSetVar Auth_DBI_password db_password #DBI->connect($data_source, $username, $password) PerlSetVar Auth_DBI_pwd_table users PerlSetVar Auth_DBI_uid_field username PerlSetVar Auth_DBI_grp_field groupname #SELECT grp_field FROM pwd_table WHERE uid_field=$user require user user_1 user_2 ... require group group_1 group_2 ... The AuthType is limited to Basic. You may use one or more valid require lines. For a single require line with the tokens valid-user or with distinct user names it is sufficient to use only the AuthenDBI module. This module needs Apache::AuthenDBI, it can not be used stand-alone ! DESCRIPTION =========== This module allows authorization against a database using Perl's DBI. For supported DBI drivers see: http://www.symbolstone.org/technology/perl/DBI/ When the authorization handler is called, the authentication has already been done. This means, that the given username/password has been validated. The handler analyzes and processes the requirements line by line. The request is accepted if the first requirement is fulfilled. In case of 'valid-user' the request is accepted. In case of one or more user-names, they are compared with the given user-name until the first match. In case of one or more group-names, all groups of the given user-name are looked up in the cache. If the user is not found in the cache, the groups are requested from the database. A $; separated list of all these groups is put into the environment variable REMOTE_GROUPS. Then these groups are compared with the required groups until the first match. If there is no match and the authoritative directive is set to 'on' the request is rejected. In case the authorization succeeds, the environment variable REMOTE_GROUP is set to the group name, so scripts that are protected by AuthzDBI don't need to bang on the database server again to get the group name. The SQL-select used for retrieving the groups is as follows (depending upon the existence of a grp_table): SELECT grp_field FROM pwd_table WHERE uid_field = user SELECT grp_field FROM grp_table WHERE uid_field = user This way you can have the group-information either in the main users table, or you can use an extra table, if you have an m:n relationship between users and groups. From all selected groups a comma-separated list is build, which is compared with the required groups. If you don't like normalized group records you can put such a comma-separated list of groups (no spaces) into the grp_field instead of single groups. If a grp_whereclause exists, it is appended to the SQL-select. At the end a CleanupHandler is initialized, which skips through the groups cache and deletes all outdated entries. This is done after sending the response, hence without slowing down response time to the client. The default cache_time is set to 0, which disables the cache, because any user will be deleted immediately from the cache. LIST OF TOKENS ============== * Auth_DBI_data_source The data_source value should begin with 'dbi:driver_name:'. This value (with the 'dbi:...:' prefix removed) is passed to the database driver for processing during connect. * Auth_DBI_username The username argument is passed to the database driver for processing during connect. * Auth_DBI_password The password argument is passed to the database driver for processing during connect. * Auth_DBI_grp_table Contains at least the fields with the username and the groupname. * Auth_DBI_uid_field Field-name containing the username in the Auth_DBI_grp_table. * Auth_DBI_grp_field Field-name containing the groupname in the Auth_DBI_grp_table. * Auth_DBI_grp_whereclause Use this option for specifying more constraints to the SQL-select. * Auth_DBI_authoritative < on / off> Default is 'on'. When set 'on', there is no fall-through to other authorization methods if the authorization check fails. When this directive is set to 'off', control is passed on to any other authorization modules. Be sure you know what you are doing when you decide to switch it off. * Auth_DBI_uidcasesensitive < on / off > Default is 'on'. When set 'off', the entered userid is converted to lower case. Also the userid in the password select-statement is converted to lower case. * Auth_DBI_cache_time Default is 0 = off. When set to any value n > 0, the groups of all users will be cached for n seconds. After finishing the request, a special handler skips through the cache and deletes all outdated entries (entries, which are older than the cache_time). * Auth_DBI_expeditive Default is 'off'. When set to 'on', the result of an authorization failure is an 'Access Forbidden' code instead of 'Authentication Required'. This is less convenient in a few cases because it doesn't allow users to 'switch identities' w/o closing the browser, but is formally more correct and allows support persons to easily diagnose whether the problem is in authentication (wrong password) or in authorization (wrong permissions). * Auth_DBI_placeholder < on / off > Default is 'off'. When set 'on', the select statement is prepared using a placeholder for the username. This may result in improved performance for databases supporting this method. CONFIGURATION ============= The module should be loaded upon startup of the Apache daemon. It needs the AuthenDBI module for the authentication part. Note that this needs mod_perl-1.08 or higher, apache_1.3.0 or higher and that mod_perl needs to be configured with PERL_AUTHEN=1 PERL_AUTHZ=1 PERL_CLEANUP=1 PERL_STACKED_HANDLERS=1. Add the following lines to your httpd.conf or srm.conf: PerlModule Apache::AuthenDBI PerlModule Apache::AuthzDBI PREREQUISITES ============= For Apache::AuthzDBI you need to enable the appropriate call-back hooks when making mod_perl: perl Makefile.PL PERL_AUTHEN=1 PERL_AUTHZ=1 PERL_CLEANUP=1 PERL_STACKED_HANDLERS=1. SEE ALSO ======== *Note Apache: Apache,, `mod_perl' in this node, `DBI' in this node AUTHORS ======= * mod_perl by Doug MacEachern * * Apache::AuthzDBI by Edmund Mergl COPYRIGHT ========= The Apache::AuthzDBI module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AuthzLDAP, Next: Apache/AuthzNIS, Prev: Apache/AuthzDBI, Up: Module List mod_perl LDAP Authorization Module ********************************** NAME ==== Apache::AuthzLDAP - mod_perl LDAP Authorization Module SYNOPSIS ======== # Authorization Realm and Type (only Basic supported) AuthName "Foo Bar Authentication" AuthType Basic # Any of the following variables can be set. # Defaults are listed to the right. PerlSetVar AuthenBaseDN o=Foo,c=Bar # Default: Empty String ("") PerlSetVar AuthzBaseDN o=Tivoli Systems # Default: none PerlSetVar GroupAttrType gid # Default: cn PerlSetVar LDAPServer ldap.foo.com # Default: localhost PerlSetVar LDAPPort 389 # Default: 389 PerlSetVar MemberAttrType uid # Default: member PerlSetVar MemberAttrValue dn # Default: cn PerlSetVar NestedGroups On # Default: off PerlSetVar UidattrType userid # Default: uid PerlAuthzHandler Apache::AuthzLDAP require group "My Group" GroupA "Group B" # Authorize user against # multiple groups DESCRIPTION =========== *Apache::AuthzLDAP* is designed to work with mod_perl and Net::LDAP. This module authorizes a user against an LDAP backend. It can be combined with Apache::AuthenLDAP to provide LDAP authentication as well. CONFIGURATION OPTIONS ===================== The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files. AuthenBaseDN The base distinguished name with which to query LDAP for purposes of authentication. By default, the AuthenBaseDN is blank. AuthzBaseDN The base distinguished name with which to query LDAP for purposes of authorization. By default, the AuthzBaseDN is blank. GroupAttrType The attribute type name that contains the group's identification. By default, GroupAttrType is set to cn. MemberAttrType The attribute type name that contains the group member's identification. By default, MemberAttrType is set to member. MemberAttrValue The attribute value contained within the MemberAttrType above. By default, MemberAttrValue is set to cn. NestedGroups When the NestedGroups value is on, a recursive group search occurs until the user is found in a group or the deepest group's member list does not contain any groups. By default, NestedGroups is set to off. UidAttrType The attribute type name that contains the user's identification. By default, UidAttrType is set to uid. NOTES ===== This module has hooks built into it to handle Apache::AuthzCache version 0.02 and higher passing notes to avoid bugs in the set_handlers() method in mod_perl versions prior to 1.26. AUTHORS ======= Jason Bodnar, Christian Gilmore See ALSO ======== httpd(8), ldap(3), mod_perl(1), slapd(8C) COPYRIGHT ========= Copyright (C) 2001, International Business Machines Corporation and others. All Rights Reserved. This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License. File: pm.info, Node: Apache/AuthzNIS, Next: Apache/AutoIndex, Prev: Apache/AuthzLDAP, Up: Module List mod_perl NIS Group Authorization module *************************************** NAME ==== Apache::AuthzNIS - mod_perl NIS Group Authorization module SYNOPSIS ======== # This is the standard authentication stuff AuthName "Foo Bar Authentication" AuthType Basic # The following is actually only needed when you will authenticate # via NIS passwd as well as authorize via NIS group. # Apache::AuthenNIS is a separate module. PerlAuthenHandler Apache::AuthenNIS # Standard require stuff, NIS users or groups, and # "valid-user" all work OK require user username1 username2 ... require group groupname1 groupname2 ... require valid-user PerlAuthzHandler Apache::AuthzNIS These directives can also be used in the directive or in an .htaccess file. DESCRIPTION =========== This perl module is designed to work with mod_perl, the Net::NIS module by Rik Haris (*rik.harris@fulcrum.com.au*), and the Apache::AuthenNIS module by Demetrios E. Paneras (*dep@media.mit.edu*). It is a direct adaptation (i.e. I modified the code) of Michael Parker's (*parker@austx.tandem.com*) Apache::AuthenSmb module (which also included an authorization routine). The module calls *Net::NIS::yp_match* using each of the *require group* elements as keys to the the *group.byname* map, until a match with the (already authenticated) user is found. For completeness, the module also handles *require user* and *require valid-user* directives. Apache::AuthenNIS vs. Apache::AuthzNIS -------------------------------------- I've taken "authentication" to be meaningful only in terms of a user and password combination, not group membership. This means that you can use Apache::AuthenNIS with the *require user* and *require valid-user* directives. In the NIS context I consider *require group* to be an "authorization" concern. I.e., Group authorization consists of establishing whether the already authenticated user is a member of one of the indicated groups in the *require group* directive. This process may be handled by *Apache::AuthzNIS*. I welcome any feedback on this module, esp. code improvements, given that it was written hastily, to say the least. AUTHOR ====== Demetrios E. Paneras COPYRIGHT ========= Copyright (c) 1998 Demetrios E. Paneras, MIT Media Laboratory. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AutoIndex, Next: Apache/AxKit/Language, Prev: Apache/AuthzNIS, Up: Module List Perl replacment for mod_autoindex and mod_dir Apache module *********************************************************** NAME ==== Apache::AutoIndex - Perl replacment for mod_autoindex and mod_dir Apache module SYNOPSIS ======== PerlModule Apache::Icon PerlModule Apache::AutoIndex (PerlModule Image::Magick) optionnal PerlTransHandler Apache::AutoIndex::transhandler PerlHandler Apache::AutoIndex DESCRIPTION =========== This module can replace completely mod_dir and mod_autoindex standard directory handling modules shipped with apache. It can currently live right on top of those modules, but I suggest simply making a new httpd without these modules compiled-in. To start using it on your site right away, simply preload Apache::Icon and Apache::AutoIndex either with: PerlModule Apache::Icon PerlModule Apache::AutoIndex in your httpd.conf file or with: use Apache::Icon (); use Apache::AutoIndex; in your require.pl file. Then it's simply adding PerlTransHandler Apache::Autoindex::transhandler PerlHandler Apache::AutoIndex somewhere in your httpd.conf but outside any Location/Directory containers. VIRTUAL HOSTS ------------- If used in a server using virtual hosts, since mod_perl doesn't have configuration merging routine for virtual hosts, you'll have to put the PerlHandler and PerlTransHandler directives in each and every section you wish to use Apache::AutoIndex with. DIRECTIVES ========== It uses all of the Configuration Directives defined by mod_dir and mod_autoindex. Since the documentation about all those directives can be found on the apache website at: http://www.apache.org/docs/mod/mod_autoindex.html http://www.apache.org/docs/mod/mod_dir.html I will only list modification that might have occured in this perl version. SUPPORTED DIRECTIVES -------------------- * AddDescription * DirectoryIndex * FancyIndexing - should use IndexOptions FancyIndexing since 1.3.2 * IndexOptions - All directives are currently supported. And a few were added * HeaderName - It can now accept a list of files instead of just one * ReadmeName - It can now accept a list of files instead of just one * IndexIgnore * IndexOrderDefault NEW DIRECTIVES -------------- * IndexOptions Thumbnails - Lisitng will now include thumbnails for pictures. Defaults to false. ShowPermissions - prints file permissions. Defaults to false. * PerlSetVar IndexHtmlBody 'expression' This is an expression that should producea complete tag when eval'ed. One example could be : PerlSetVar IndexHtmlBody '' * PerlSetVar IndexHtmlTable value This is a string that will be inserted inside the table tag of the listing like so : * PerlSetVar IndexHtmlHead value This should be the url (absolute/relative) of a ressource that would be inserted right after the tag and before anything else is written. * PerlSetVar IndexHtmlFoot value This should be the url (absolute/relative) of a ressource that would be inserted right before the tag and after everything else is written. * PerlSetVar IndexDebug [0|1] If set to 1, the listing displayed will print usefull (well, to me) debugging information appended to the bottom. The default is 0. UNSUPPORTED DIRECTIVES ---------------------- * - Hopefully none :-) THUMBNAILS ========== Since version 0.07, generation of thumbnails is possible. This means that listing a directory that contains images can be listed with little reduced thumbnails beside each image name instead of the standard 'image' icon. To enable this you simply need to preload Image::Macick in Apache. The IndexOption option Thumbnails controls thumbnails generation for specific directories like any other IndexOption directive. USAGE ----- The way thumbnails are generated/produced can be configured in many ways, but here is a general overview of the procedure. For each directory containing pictures, there will be a .thumbnails directory in it that will hold the thumbnails. Each time the directory is accessed, and if thumbnail generation is active, small thumbnails will be produced, shown beside each image name, instaed of the normal , generic, image icon. That can be done in 2 ways. In the case the image is pretty small, no actual thumbnail will be created. Instead the image will be resized with the HEIGHT and WIDTH attributes of the IMG tag. If the image is big enough, it is resized with Image::Magick and saved in the .thumbnails directory for the next requests. Change in the configuration of the indexing options will correctly refresh the thumbnails stored. Also if an original image is modified, the thumbnail will be modified accordingly. Still, the browser might screw things up if it preserves the cached images. The behaviour of the Thumbnail generating code can be customized with these PerlSetVar variables: DIRECTIVES ---------- * IndexCacheDir dir This is the name of the directory in wich generated thumbnails will be created. Make sure the user under wich the webserver runs has read and write privileges. Defaults to .thumbnails * IndexCreateDir 0|1 Specifies that when a cache directory isn't found, should an attempt to create it be done. Defaults to 1(true), meaning if possible, missing cache directories will be created. * ThumbMaxFilesize bytes This value fixes the size of an image at wich thumbnail processing isn't even attempted. Since trying to process a few very big images could bring a server down to it's knees. Defaults to 500,000 * ThumbMinFilesize bytes This value fixes the size of an image at wich thumbnail processing isn't actually done. Since trying to process already very small images could would be an overkill, the image is simply resized withe the size attributes of the IMG tag. Defaults to 5,000. * ThumbMaxWidth pixels This value fixes the x-size of an image at wich thumbnail processing isn't actually done. Since trying to process already very small images could would be an overkill, the image is simply resized withe the size attributes of the IMG tag. Defaults to 4 times the default icon width. * ThumbMaxHeight pixels This value fixes the y-size of an image at wich thumbnail processing isn't actually done. Since trying to process already very small images could would be an overkill, the image is simply resized withe the size attributes of the IMG tag. Defaults to 4 times the default icon height * ThumbScaleWidth scaling-factor This value fixes an x-scaling factor between 0 and 1 to resize the images with. The image ratio will be preserved only if there is no scaling factor for the other axis of the image. * ThumbScaleHeight scaling-factor This value fixes an y-scaling factor between 0 and 1 to resize the images with. The image ratio will be preserved only if there is no scaling factor for the other axis of the image. * ThumbWidth pixels This value fixes a fixed x-dimension to resize the image with. The image ratio will be preserved only if there is no fixed scaling factor for the other axis of the image. This has no effect if a scaling factor is defined. * ThumbHeight pixels This value fixes a fixed x-dimension to resize the image with. The image ratio will be preserved only if there is no fixed scaling factor for the other axis of the image. This has no effect if a scaling factor is defined. TODO ==== The transhandler problem should be fixed. Some minor changes to the thumbnails options will still have the thumbnails re-generated. This should be avoided by checking the attributes of the already existing thumbnail. Some form of garbage collection should be performed or cache directories will fill up. Find new things to add... SEE ALSO ======== perl(1), *Note Apache: Apache,(3), *Note Apache/Icon: Apache/Icon,(3), *Note Image/Magick: Image/Magick,(3) . SUPPORT ======= Please send any questions or comments to the Apache modperl mailing list or to me at NOTES ===== This code was made possible by : Doug MacEachern Creator of Apache::Icon, and of course, mod_perl. Rob McCool who produced the final mod_autoindex.c I copied, hrm.., well, translated to perl. The mod_perl mailing-list at for all your mod_perl related problems. AUTHOR ====== Philippe M. Chiasson COPYRIGHT ========= Copyright (c) 1999 Philippe M. Chiasson. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. File: pm.info, Node: Apache/AxKit/Language, Next: Apache/AxKit/Language/NotXSLT, Prev: Apache/AutoIndex, Up: Module List base class for all processors ***************************** NAME ==== Apache::AxKit::Language - base class for all processors DESCRIPTION =========== This base class principally provides the get_mtime function for determining the modification time of the stylesheet. Other modules are free to override this function - possibly to provide facilities for determining the minimum mtime of an XML-based stylesheet that includes external entities. File: pm.info, Node: Apache/AxKit/Language/NotXSLT, Next: Apache/AxKit/Language/XPathScript, Prev: Apache/AxKit/Language, Up: Module List Matt's non-xslt template processor ********************************** NAME ==== Apache::AxKit::Language::NotXSLT - Matt's non-xslt template processor SYNOPSIS ======== PerlTypeHandler Apache::AxKit::XMLFinder PerlHandler Apache::AxKit::StyleFinder PerlSetVar StylesheetMap "application/x-notxslt => \ Apache::AxKit::Language::NotXSLT" DESCRIPTION =========== This module implements an XML template system that looks a bit like XSLT, but isn't. Hence the name. It uses XML::XPath, and should be fast enough to use on small web sites dynamically, rather than using static transformation. AUTHOR ====== Matt Sergeant, matt@sergeant.org SEE ALSO ======== XML::XPath(1). File: pm.info, Node: Apache/AxKit/Language/XPathScript, Next: Apache/AxKit/Language/XSP, Prev: Apache/AxKit/Language/NotXSLT, Up: Module List An XML Stylesheet Language ************************** NAME ==== Apache::AxKit::Language::XPathScript - An XML Stylesheet Language SYNOPSIS ======== AxAddStyleMap "application/x-xpathscript => \ Apache::AxKit::Language::XPathScript" DESCRIPTION =========== This documentation has been removed. The definitive reference for XPathScript is now at http://axkit.org/docs/xpathscript/guide.dkb in DocBook format. File: pm.info, Node: Apache/AxKit/Language/XSP, Next: Apache/AxKit/Language/XSP/Util, Prev: Apache/AxKit/Language/XPathScript, Up: Module List eXtensible Server Pages *********************** NAME ==== Apache::AxKit::Language::XSP - eXtensible Server Pages DESCRIPTION =========== XSP implements a tag-based dynamic language that allows you to develop your own tags, examples include sendmail and sql taglibs. DESIGN PATTERNS =============== Writing your own taglibs can be tricky, because you're using an event based API to write out Perl code. These patterns represent the things you may want to achieve when authoring a tag library. *1. Your tag is a wrapper around other things.* Example: ... Solution: Start a new block, so that you can store lexical variables, and declare any variables relevant to your tag: in parse_start: if ($tag eq 'sendmail') { return '{ my ($to, $from, $sender);'; } Often it will also be relevant to execute that code when you see the end tag: in parse_end: if ($tag eq 'sendmail') { return 'Mail::Sendmail::sendmail( to => $to, from => $from, sender => $sender ); }'; } Note there the closing of that original opening block. *2. Your tag indicates a parameter for a surrounding taglib.* Example: ... Solution: Having declared the variable as above, you simply set it to the empty string, with no semi-colon: in parse_start: if ($tag eq 'to') { return '$to = ""'; } Then in parse_char: sub parse_char { my ($e, $text) = @_; $text =~ s/^\s*//; $text =~ s/\s*$//; return '' unless $text; $text =~ s/\|/\\\|/g; return ". q|$text|"; } Note there's no semi-colon at the end of all this, so we add that: in parse_end: if ($tag eq 'to') { return ';'; } All of this black magic allows other taglibs to set the thing in that variable using expressions. *3. You want your tag to return a scalar (string) that does the right thing depending on context. For example, generates a Text node in one place or generates a scalar in another context.* Solution: use start_expr(), append_to_script(), end_expr(). Example: in parse_start: if ($tag eq 'get-datetime') { start_expr($e, $tag); # creates a new { ... } block my $local_format = lc($attribs{format}) || '%a, %d %b %Y %H:%M:%S %z'; return 'my ($format); $format = q|' . $local_format . '|;'; } in parse_end: if ($tag eq 'get-datetime') { append_to_script($e, 'use Time::Object; localtime->strftime($format);'); end_expr($e); return ''; } Explanation: This is more complex than the first 2 examples, so it warrants some explanation. I'll go through it step by step. start_expr(...) This tells XSP that this really generates a tag. Now we don't really generate that tag, we just execute the handler for it. So what happens is the handler gets called, and it looks to see what the current calling context is. If its supposed to generate a text node, it generates some code to do that. If its supposed to generate a scalar, it does that too. Ultimately both generate a do {} block, so we'll summarise that by saying the code now becomes: do { (the end of the block is generated by end_expr()). Now the next step (ignoring the simple gathering of the format variable), is a return, which appends more code onto the generated perl script, so we get: do { my ($format); $format = q|%a, %d %b %Y %H:%M:%S %z|; Now we immediately receive an end_expr, because this is an empty element (we'll see why we formatted it this way in #5 below). The first thing we get is: append_to_script($e, 'use Time::Object; localtime->strftime($format);'); This does exactly what it says, and the script becomes: do { my ($format); $format = q|%a, %d %b %Y %H:%M:%S %z|; use Time::Object; localtime->strftime($format); Finally, we call: end_expr($e); which closes the do {} block, leaving us with: do { my ($format); $format = q|%a, %d %b %Y %H:%M:%S %z|; use Time::Object; localtime->strftime($format); } Now if you execute that in Perl, you'll see the do {} returns the last statement executed, which is the `localtime-'strftime()> bit there, thus doing exactly what we wanted. Note that start_expr, end_expr and append_to_script aren't exported by default, so you need to do: use Apache::AxKit::Language::XSP qw(start_expr end_expr append_to_script); *4. Your tag can take as an option either an attribute, or a child tag.* Example: or $some_uri Solution: There are several parts to this. The simplest is to ensure that whitespace is ignored. We have that dealt with in the example parse_char above. Next we need to handle that variable. Do this by starting a new block with the tag, and setting up the variable: in parse_start: if ($tag eq 'include-uri') { my $code = '{ my ($uri);'; if ($attribs{uri}) { $code .= '$uri = q|' . $attribs{uri} . '|;'; } return $code; } Now if we don't have the attribute, we can expect it to come in the ` tag: in parse_start: if ($tag eq 'uri') { return '$uri = ""'; # note the empty string! } Now you can see that we're not explicitly setting $uri, that's because the parse_char we wrote above handles it by returning '. q|$text|'. And if we have a ` in there, that's handled automagically too. Now we just need to wrap things up in the end handlers: in parse_end: if ($tag eq 'uri') { return ';'; } if ($tag eq 'include-uri') { return 'Taglib::include_uri($uri); # execute the code } # close the block '; } *5. You want to return a scalar that does the right thing in context, but also can take a parameter as an attribute or a child tag.* Example: vs $some_column Solution: This is a combination of patterns 3 and 4. What we need to do is change #3 to simply allow our variable to be added as in #4 above: in parse_start: if ($tag eq 'get-column') { start_expr($e, $tag); my $code = 'my ($col);' if ($attribs{col}) { $code .= '$col = q|' . $attribs{col} . '|;'; } return $code; } if ($tag eq 'column') { return '$col = ""'; } in parse_end: if ($tag eq 'column') { return ';'; } if ($tag eq 'get-column') { append_to_script($e, 'Full::Package::get_column($col)'); end_expr($e); return ''; } *6. You have a conditional tag* Example: No results! Solution: The problem here is that taglibs normally recieve character/text events so that they can manage variables. With a conditional tag, you want character events to be handled by the core XSP and generate text events. So we have a switch for that: if ($tag eq 'no-results') { $e->manage_text(0); return 'if (AxKit::XSP::ESQL::get_count() == 0) {'; } Turning off manage_text with a zero simply ensures that immediate children text nodes of this tag don't fire text events to the tag library, but instead get handled by XSP core, thus creating text nodes (and doing the right thing, generally). (and start_expr, end_expr) Notes =========================================== *Do not* consider adding in the 'do {' ... '}' bits yourself. Always leave this to the start_expr, and end_expr functions. This is because the implementation could change, and you really don't know better than the underlying XSP implementation. You have been warned.