https://github.com/sophos/plack-middleware-auth-negotiate

Negotiate (SPNEGO) authentication middleware for Plack
gssapi perl-module perl5 plack spnego


# NAME

Plack::Middleware::Auth::Negotiate - Negotiate authentication middleware (SPNEGO)

# VERSION

version 0.172130

# SYNOPSIS

```perl
use Plack::Builder;
my $app = sub { ... };

builder {
    enable 'Auth::Negotiate', keytab => 'FILE:www.keytab';
    $app;
};
```

# DESCRIPTION

Plack::Middleware::Auth::Negotiate provides Negotiate (SPNEGO) authentication
for your Plack application (for use with Kerberos).

This is a very alpha module, and I am still testing some of the security corner
cases. Help wanted.

# CONFIGURATION

- keytab: path to the keytab to use. This value is set as
`$ENV{KRB5_KTNAME}` if provided.

Note that there is no option for matching URLs. You can do this yourself with
[Plack::Middleware::Conditional](https://metacpan.org/pod/Plack::Middleware::Conditional)'s `enable_if` syntax (for [Plack::Builder](https://metacpan.org/pod/Plack::Builder)).

# TODO

- More security testing.
- Ability to specify a list of valid realms. If REALM.EXAMPLE.COM trusts
REALM.FOOBAR.COM, and we don't want to allow REALM.FOOBAR.COM users, we have to
check after accepting the ticket.
- Option to automatically trim the @REALM.EXAMPLE.COM portion of the user
value.
- Method to also provide Basic auth if Negotiate fails.
- Some way to cooperate with other Auth middleware. `enable_if` is your
best bet right now (with different URLs for each type of authentication, and
writing a session).
- Better interaction with [Plack::Middleware::Session](https://metacpan.org/pod/Plack::Middleware::Session), since this
authentication is slow in my experience.
- Better implementation of the actual RFC.
- Custom "Authorization Required" message
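
Until a realm option exists, the check "after accepting the ticket" can be done in a small inline middleware placed behind this one. The following is an added example, not code from this module: it assumes the middleware sets `$env->{REMOTE_USER}` to the full `user@REALM` principal, and the `/private` path, the realm list, and the helpers `is_private`, `realm_allowed` and `$realm_filter` are hypothetical.

```perl
use strict;
use warnings;
use Plack::Builder;

# Constructed allow-list: the only realms this application accepts.
my %ALLOWED_REALM = map { $_ => 1 } qw(REALM.EXAMPLE.COM);

# Hypothetical helper: which requests require authentication at all.
sub is_private { $_[0]{PATH_INFO} =~ m{^/private(?:/|\z)} }

# Hypothetical helper: true only when the principal carries a realm on
# the allow-list. Fails closed on a missing user or a missing realm.
# Realm names are compared exactly (Kerberos realms are case-sensitive).
sub realm_allowed {
    my ($principal) = @_;
    return 0 unless defined $principal;
    my ($realm) = $principal =~ /\@([^\@]+)\z/ or return 0;
    return $ALLOWED_REALM{$realm} ? 1 : 0;
}

# Inline middleware: runs after the ticket has been accepted and rejects
# users from trusted-but-unwanted realms (e.g. REALM.FOOBAR.COM) with 403.
my $realm_filter = sub {
    my $app = shift;
    return sub {
        my $env = shift;
        return $app->($env) if realm_allowed( $env->{REMOTE_USER} );
        return [ 403, [ 'Content-Type' => 'text/plain' ], ['Forbidden'] ];
    };
};

my $app = sub {
    my $env  = shift;
    my $user = $env->{REMOTE_USER} // 'anonymous';
    return [ 200, [ 'Content-Type' => 'text/plain' ], ["Hello $user\n"] ];
};

builder {
    # Outermost first: Negotiate authenticates, then the filter checks the realm.
    enable_if { is_private( $_[0] ) }
        'Auth::Negotiate', keytab => 'FILE:www.keytab';
    enable_if { is_private( $_[0] ) } $realm_filter;
    $app;
};
```

Both `enable_if` conditions use the same predicate so the realm filter can never cover fewer paths than the authentication step.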

# SEE ALSO

[Plack](https://metacpan.org/pod/Plack), [Plack::Builder](https://metacpan.org/pod/Plack::Builder), [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic)

[GSSAPI](https://metacpan.org/pod/GSSAPI), mod\_auth\_kerb

# ACKNOWLEDGEMENTS

This code is based off of [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic) and a sample script
provided with [GSSAPI](https://metacpan.org/pod/GSSAPI).

# AUTHOR

Adrian Kreher

# COPYRIGHT AND LICENSE

This software is Copyright (c) 2011 by Adrian Kreher.

This is free software, licensed under:

```
The (three-clause) BSD License
```