Name: perl-Apache2-AuthCookieDBI | Distribution: openSUSE Tumbleweed
Version: 2.19 | Vendor: openSUSE
Release: 1.10 | Build date: Mon Dec 9 04:07:13 2019
Group: Development/Libraries/Perl | Build host: reproducible
Size: 103687 | Source RPM: perl-Apache2-AuthCookieDBI-2.19-1.10.src.rpm
Packager: http://bugs.opensuse.org
Url: https://metacpan.org/release/Apache2-AuthCookieDBI
Summary: An AuthCookie module backed by a DBI database
This module is an authentication handler that uses the basic mechanism provided by Apache2::AuthCookie with a DBI database for ticket-based protection. It is based on two tokens being provided, a username and password, which can be any strings (there are no illegal characters for either). The username is used to set the remote user as if Basic Authentication was used.

On an attempt to access a protected location without a valid cookie being provided, the module prints an HTML login form (produced by a CGI or any other handler; this can be a static file if you want to always send people to the same entry page when they log in). This login form has fields for username and password. On submitting it, the username and password are looked up in the DBI database. The supplied password is checked against the password in the database; the password in the database can be plaintext, or a crypt() or md5_hex() checksum of the password. If this succeeds, the user is issued a ticket. This ticket contains the username, an issue time, an expire time, and an MD5 checksum of those and a secret key for the server. It can optionally be encrypted before returning it to the client in the cookie; encryption is only useful for preventing the client from seeing the expire time. If you wish to protect passwords in transport, use an SSL-encrypted connection. The ticket is given in a cookie that the browser stores.

After a login the user is redirected to the location they originally wished to view (or to a fixed page if the login "script" was really a static file).

On this access and any subsequent attempt to access a protected document, the browser returns the ticket to the server. The server decrypts it if encrypted tickets are enabled, then extracts the username, issue time, expire time and checksum. A new checksum is calculated of the username, issue time, expire time and the secret key again; if it agrees with the checksum that the client supplied, we know that the data has not been tampered with. We next check that the expire time has not passed. If not, the ticket is still good, so we set the username.

Authorization checks then check that any "require valid-user" or "require user jacob" settings are passed. Finally, if a "require group foo" directive was given, the module will look up the username in a groups database and check that the user is a member of one of the groups listed. If all these checks pass, the document requested is displayed.

If a ticket has expired or is otherwise invalid it is cleared in the browser and the login form is shown again.
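The ticket check described above, as an added Perl sketch that is not the module's own code. The colon-separated field layout, the epoch-second times, the placeholder secret and the function names (`issue_ticket`, `verify_ticket`, `same_string`, `ticket_checksum`) are all assumptions for illustration; because the description allows any characters in a username, the fixed fields are taken from the right.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my $SECRET = 'example-server-secret';    # constructed placeholder secret

# Checksum over the ticket fields plus the server secret (field layout assumed).
sub ticket_checksum {
    my ($user, $issued, $expires) = @_;
    return md5_hex(join ':', $user, $issued, $expires, $SECRET);
}

sub issue_ticket {
    my ($user, $now, $lifetime) = @_;
    my $expires = $now + $lifetime;
    return join ':', $user, $now, $expires, ticket_checksum($user, $now, $expires);
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the username for a good ticket, nothing otherwise.
sub verify_ticket {
    my ($ticket, $now) = @_;
    my @parts = split /:/, $ticket, -1;
    return if @parts < 4;
    # Usernames may contain ':', so take the three fixed fields from the right.
    my ($issued, $expires, $checksum) = splice @parts, -3;
    my $user = join ':', @parts;
    return unless $issued =~ /\A\d+\z/ && $expires =~ /\A\d+\z/;
    return unless same_string($checksum, ticket_checksum($user, $issued, $expires));
    return if $now >= $expires;    # expire time has passed
    return $user;
}

my $t0     = 1_700_000_000;    # constructed timestamp
my $ticket = issue_ticket('jacob:admin', $t0, 3600);
(my $forged = $ticket) =~ s/:(\d+):([0-9a-f]{32})\z/':' . ($1 + 86400) . ":$2"/e;
for my $case (['valid', $ticket, $t0 + 60], ['expired', $ticket, $t0 + 3600],
              ['expiry altered', $forged, $t0 + 60]) {
    my ($label, $t, $now) = @$case;
    my $user = verify_ticket($t, $now);
    printf "%-15s %s\n", $label, defined $user ? "accepted for $user" : 'rejected';
}
```

The third case pushes the expire time forward while keeping the old checksum, so the recomputed checksum no longer matches and the ticket is rejected before the expiry check is reached.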
License: LGPL-2.1-or-later
* Mon Dec 09 2019 <timueller+perl@suse.de>
- updated to 2.19
  see /usr/share/doc/packages/perl-Apache2-AuthCookieDBI/Changes
  2.19 - Sun Dec 8 15:06:12 PST 2019
  - Added support for group authorizations on Apache 2.4.x. This addresses https://github.com/matisse/Apache-AuthCookieDBI/issues/2 and https://rt.cpan.org/Public/Bug/Display.html?id=106663.
  - Refactored group authorization code.
  - Eliminated duplicate calls of _dbi_config_vars() to improve efficiency.
  - Added docker directory that contains Dockerfiles for Apache 2.2 and 2.4
  Changes by Ed Sabol https://github.com/esabol
* Sun Aug 18 2019 Stephan Kulow <coolo@suse.com>
- updated to 2.18
  see /usr/share/doc/packages/perl-Apache2-AuthCookieDBI/Changes
  2.18 - Sat Aug 17 12:35:38 PDT 2019
  - Fix https://github.com/matisse/Apache-AuthCookieDBI/issues/3 "DBI_CryptType crypt does not appear to work"
  Changes by Ed Sabol https://github.com/esabol
* Mon Jun 03 2013 coolo@suse.com
- updated to 2.17
  - Added support for Digest::SHA::sha256/384/512_hex digests for passwords. This is a response to https://rt.cpan.org/Ticket/Display.html?id=79333 which requested sha256_base64 but because base64 digests are not properly padded I chose to go with sha256/384/512_hex instead.
  - Quote all database column and field names in SQL queries. https://rt.cpan.org/Ticket/Display.html?id=79341 Table column names may conflict with sql key words
  - Fix 'wrong method names in calls to apache request logging' for https://rt.cpan.org/Ticket/Display.html?id=77464
  - Implemented a logger() method that uses Apache::Log (inspired by https://rt.cpan.org/Ticket/Display.html?id=75675)
  - Address 'Error Message Inconsistency' https://rt.cpan.org/Ticket/Display.html?id=75725
  - Address ' If user is not active, it produces 2 errors' https://rt.cpan.org/Ticket/Display.html?id=75724
  - Added small amount of test coverage for authen_cred()
* Thu Oct 20 2011 tabraham@novell.com
- update to 2.14
  * Changed documentation about WhateverDBI_SecretKey to address https://rt.cpan.org/Ticket/Display.html?id=6248
  * Fixes for https://rt.cpan.org/Public/Bug/Display.html?id=66336 (_dbi_connect should be called as a class method)
- update to 2.13
  * Build system uses Module::Build (generates a Makefile.PL for compatibility)
  * Distro version now matches module version (2.13)
  * Fixed statement handle still active <https://rt.cpan.org/Public/Bug/Display.html?id=57906> Also added support for WhatEverDBI_UserActiveField. Thanks to Chad Columbus
  * Fixed $HEX_STRING_REGEX definition is wrong <https://rt.cpan.org/Public/Bug/Display.html?id=46117> Thanks to Joe Ingersoll
  * Fixed User authenticated if not in MySQL database <https://rt.cpan.org/Ticket/Display.html?id=62470> Thanks to Keith Lawson
  * Fixed Login.pl example - syntax error <https://rt.cpan.org/Public/Bug/Display.html?id=62487> (Also moved from eg/public-pl/login.pl to eg/bin/login.pl) Thanks to William McKee http://search.cpan.org/~wmckee/
  * Updated documentation to cover protecting the DocumentRoot <https://rt.cpan.org/Ticket/Display.html?id=51593>
  * Now depends on DBI 1.40 instead of Apache::DBI <https://rt.cpan.org/Ticket/Display.html?id=43083>
* Wed Dec 01 2010 coolo@novell.com
- switch to perl_requires macro
* Mon Oct 18 2010 coolo@novell.com
- redo spec file with cpanspec
* Thu Jul 30 2009 cwh@suse.de
- 2.05 - Thu May 14 18:37:07 PDT 2009
  - Fixed bug in _get_cipher_type() where it was not memoizing the Crypt::CBC objects.
  - Fixed https://rt.cpan.org/Ticket/Display.html?id=45207 Hash keys for configuration values were wrong in several places.
  - Improved test coverage a little.
- 2.04 - Fri Nov 28 15:41:33 PST 2008
  Incorporated bug fix for authen_ses_key() provided by Carl Gustafsson. authen_ses_key() was not properly handling any extra_session_info - the fix is to get $hashed_string with
    my $hashed_string = pop @rest;
  Also releasing the work done between April 26, 2005 and February 4, 2007, plus bug fix for authen_ses_key
  - Added basic framework for unit tests.
  - Factored out some of the DBI code into new methods:
    - _dbi_connect()
    - _get_crypted_password()
  - Changes to satisfy Perl::Critic, e.g.
    - Removed function prototypes (they are ignored for methods.)
    - Cleaned up regular expressions: use /x, etc.
* Wed Oct 25 2006 cwh@suse.de
- renamed from perl-Apache-AuthCookieDBI
/usr/lib/perl5/vendor_perl/5.40.0/Apache2
/usr/lib/perl5/vendor_perl/5.40.0/Apache2/AuthCookieDBI.pm
/usr/lib/perl5/vendor_perl/5.40.0/Apache2_4
/usr/lib/perl5/vendor_perl/5.40.0/Apache2_4/AuthCookieDBI.pm
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/Changes
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/README
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/README-docker
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/generic_reg_auth_scheme.txt
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/schema.sql
/usr/share/doc/packages/perl-Apache2-AuthCookieDBI/techspec.txt
/usr/share/licenses/perl-Apache2-AuthCookieDBI
/usr/share/licenses/perl-Apache2-AuthCookieDBI/LICENSE
/usr/share/man/man3/Apache2::AuthCookieDBI.3pm.gz
/usr/share/man/man3/Apache2_4::AuthCookieDBI.3pm.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Feb 9 01:37:00 2025