Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/sophos/plack-middleware-auth-negotiate

Negotiate (SPNEGO) authentication middleware for Plack
https://github.com/sophos/plack-middleware-auth-negotiate

gssapi perl-module perl5 plack spnego

Last synced: 8 months ago
JSON representation

Negotiate (SPNEGO) authentication middleware for Plack

Awesome Lists containing this project

README 

          
# NAME



Plack::Middleware::Auth::Negotiate - Negotiate authentication middleware (SPNEGO)



# VERSION



version 0.172130



# SYNOPSIS



```perl

use Plack::Builder;

my $app = sub { ... };



builder {

    enable 'Auth::Negotiate', keytab => 'FILE:www.keytab';

    $app;

};

```



# DESCRIPTION



Plack::Middleware::Auth::Negotiate provides Negotiate (SPNEGO) authentication

for your Plack application (for use with Kerberos).



This is a very alpha module, and I am still testing some of the security corner

cases. Help wanted.



# CONFIGURATION



- keytab: path to the keytab to use. This value is set as

`$ENV{KRB5_KTNAME}` if provided.



Note that there is no option for matching URLs. You can do this yourself with

[Plack::Middleware::Conditional](https://metacpan.org/pod/Plack::Middleware::Conditional)'s `enable_if` syntax (for [Plack::Builder](https://metacpan.org/pod/Plack::Builder)).



# TODO



- More security testing.

- Ability to specify a list of valid realms. If REALM.EXAMPLE.COM trusts

REALM.FOOBAR.COM, and we don't want to allow REALM.FOOBAR.COM users, we have to

check after accepting the ticket.

- Option to automatically trim the @REALM.EXAMPLE.COM portion of the user

value.

- Method to also provide Basic auth if Negotiate fails.

- Some way to cooperate with other Auth middleware. `enable_if` is your

best bet right now (with different URLs for each type of authentication, and

writing a session).

- Better interaction with [Plack::Middleware::Session](https://metacpan.org/pod/Plack::Middleware::Session), since this

authentication is slow in my experience.

- Better implementation of the actual RFC.

- Custom "Authorization Required" message



# SEE ALSO



[Plack](https://metacpan.org/pod/Plack), [Plack::Builder](https://metacpan.org/pod/Plack::Builder), [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic)



[GSSAPI](https://metacpan.org/pod/GSSAPI), mod\_auth\_kerb



# ACKNOWLEDGEMENTS



This code is based off of [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic) and a sample script

provided with [GSSAPI](https://metacpan.org/pod/GSSAPI).



# AUTHOR



Adrian Kreher 



# COPYRIGHT AND LICENSE



This software is Copyright (c) 2011 by Adrian Kreher .



This is free software, licensed under:



```perl

The (three-clause) BSD License

```