Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sophos/plack-middleware-auth-negotiate
Negotiate (SPNEGO) authentication middleware for Plack
- Host: GitHub
- URL: https://github.com/sophos/plack-middleware-auth-negotiate
- Owner: sophos
- License: other
- Archived: true
- Fork: true (avuserow/Plack-Middleware-Auth-Negotiate)
- Created: 2017-07-17T21:07:04.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2017-08-01T21:41:32.000Z (about 7 years ago)
- Last Synced: 2024-09-24T19:52:30.682Z (2 days ago)
- Topics: gssapi, perl-module, perl5, plack, spnego
- Language: Perl
- Homepage: https://metacpan.org/pod/Plack::Middleware::Auth::Negotiate
- Size: 17.6 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: Changes
- License: LICENSE
README
# NAME
Plack::Middleware::Auth::Negotiate - Negotiate authentication middleware (SPNEGO)
# VERSION
version 0.172130
# SYNOPSIS
```perl
use Plack::Builder;
my $app = sub { ... };

builder {
    enable 'Auth::Negotiate', keytab => 'FILE:www.keytab';
    $app;
};
```
# DESCRIPTION
Plack::Middleware::Auth::Negotiate provides Negotiate (SPNEGO) authentication
for your Plack application (for use with Kerberos).

This is a very alpha module, and I am still testing some of the security corner
cases. Help wanted.
# CONFIGURATION
- keytab: path to the keytab to use. This value is set as
`$ENV{KRB5_KTNAME}` if provided.

Note that there is no option for matching URLs. You can do this yourself with
[Plack::Middleware::Conditional](https://metacpan.org/pod/Plack::Middleware::Conditional)'s `enable_if` syntax (for [Plack::Builder](https://metacpan.org/pod/Plack::Builder)).
# TODO
- More security testing.
- Ability to specify a list of valid realms. If REALM.EXAMPLE.COM trusts
REALM.FOOBAR.COM, and we don't want to allow REALM.FOOBAR.COM users, we have to
check after accepting the ticket.
- Option to automatically trim the @REALM.EXAMPLE.COM portion of the user
value.
- Method to also provide Basic auth if Negotiate fails.
- Some way to cooperate with other Auth middleware. `enable_if` is your
best bet right now (with different URLs for each type of authentication, and
writing a session).
- Better interaction with [Plack::Middleware::Session](https://metacpan.org/pod/Plack::Middleware::Session), since this
authentication is slow in my experience.
- Better implementation of the actual RFC.
- Custom "Authorization Required" message
# SEE ALSO
[Plack](https://metacpan.org/pod/Plack), [Plack::Builder](https://metacpan.org/pod/Plack::Builder), [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic)
[GSSAPI](https://metacpan.org/pod/GSSAPI), mod\_auth\_kerb
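
The realm check described in the TODO list (rejecting users from a trusted realm such as REALM.FOOBAR.COM after the ticket has been accepted) can be done in a small inner middleware. This is an added example, not code from the module; it assumes the middleware stores the full `user@REALM` principal in `$env->{REMOTE_USER}`, and `split_principal`, `$realm_check` and the allowlist are hypothetical names.

```perl
use strict;
use warnings;
use Plack::Builder;

# Assumption: realms this application accepts (constructed sample value).
my %ALLOWED_REALM = map { $_ => 1 } qw(REALM.EXAMPLE.COM);

# Hypothetical helper: split "user@REALM" at the last "@" and return the
# pair, or an empty list when the value is not a well-formed principal.
sub split_principal {
    my ($principal) = @_;
    return unless defined $principal;
    my ($user, $realm) = $principal =~ /\A(.+)\@([^\@]+)\z/s or return;
    return ($user, $realm);
}

# Inline middleware that runs after Auth::Negotiate has accepted the ticket.
# Assumption: Auth::Negotiate leaves the principal in $env->{REMOTE_USER}.
my $realm_check = sub {
    my $app = shift;
    return sub {
        my $env = shift;
        my ($user, $realm) = split_principal($env->{REMOTE_USER});
        # Fail closed: a missing user, a malformed principal or a realm
        # outside the allowlist is refused. Realm names are case-sensitive.
        unless (defined $realm && $ALLOWED_REALM{$realm}) {
            return [403, ['Content-Type' => 'text/plain'], ["Forbidden\n"]];
        }
        return $app->($env);
    };
};

my $app = sub {
    my $env = shift;
    return [200, ['Content-Type' => 'text/plain'],
            ["Hello $env->{REMOTE_USER}\n"]];
};

builder {
    # The first middleware enabled is the outermost, so Auth::Negotiate runs
    # before the realm check and the check sees the authenticated principal.
    enable 'Auth::Negotiate', keytab => 'FILE:www.keytab';
    enable $realm_check;
    $app;
};
```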
# ACKNOWLEDGEMENTS
This code is based off of [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic) and a sample script
provided with [GSSAPI](https://metacpan.org/pod/GSSAPI).
# AUTHOR
Adrian Kreher
# COPYRIGHT AND LICENSE
This software is Copyright (c) 2011 by Adrian Kreher.
This is free software, licensed under:
```
The (three-clause) BSD License
```