CGI::Bus::uauth - default or base user authentication class
use CGI::Bus; $s =CGI::Bus->new(); $s->ugroups; # get groups current user belongs to use CGI::Bus; $s =CGI::Bus->new(); $s->set(-login => '/cgi-bin/login-screen.cgi'); $s->uauth; # go to login screen use CGI::Bus; $s =CGI::Bus->new(); $s->set(-login => undef); $s->uauth->authscr # login script under web server authentication use CGI::Bus; $s =CGI::Bus->new(); $s->uauth->loginscr; # ... with authentication by application
This is default or base user authentication class. It provides user, ugroups, uglist, auth methods for CGI::Bus 'user' and 'group' methods, which are wrappers to CGI::Bus::uauth. It contains platform specific methods and may be overwritten in CGI::Bus with '-import'. It implements a three user authentication methods:
user
ugroups
uglist
auth
CGI::Bus::uauth
Web server user authentication on Win32 IIS or Apache with 'NTLM' module. Win32 operation use 'findgrp.exe' Windows NT Resource Kit utility and/or Windows 2000 ADSI via Win32::OLE module and/or Win32API::Net module.
Apache user authentication with 'AuthUserFile' and 'AuthGroupFile'.
User authentication by application (with loginscr or auth/authscr), where user data are stored within CGI::Bus::udata or its replacement.
loginscr
authscr
Cookie operation (auth, loginscr, signchk, signset, logout) use Digest modules, default is 'MD5'.
signchk
signset
logout
See CGI::Bus::Base for inherited slots and methods.
Use Windows2000 ADSI via Win32::OLE module if -adsi. Use '1' or '0' or undef value, other values are reserved.
-adsi
Pointer to Apache's 'AuthUserFile'
Pointer to Apache's 'AuthGroupFile'
Digest submodule to use with signchk and signset. Default used is 'MD5'
Login screen URL. Used by auth
If true, user authentication by application will be supposed with CGI::Bus::udata component for ugroups and uglist calls
User authentication request or login operation. Redirect to -login and exit may be used for authentication. Login screen should set $ENV{REMOTE_USER} (by web server or itself) and call auth; signset(?redirect) will be called inside. This operation is for optional web server authentication. It is not needed when web server authentication is set for scripts. loginscr may be used for user authentication by application.
-login
User authentication screen for login scripts under web server authentication. Contains CGI::Bus userauth call, which calls auth. Not authenticated users will be authenticated and redirected back. Authenticated users will get authentication information page with URL to return back. This method is created partially due to possible browser redirection problems.
userauth
Form and return URL to call login script. Default login script URL is -login. If there is no login script URL, empty string will be returned. If login script URL ends with '/' sign, it is treated as authenticated location, and current script name will to be appended. Default return URL is current script's URL. auth call can redirect to login script, but authurl may be used to place URL to lead user to login script directly and decrease browser redirections.
authurl
Login screen operation for user authentication by application. Options: 'l'ogin, 'r'egister user function, user 'i'nfo function, default '-lri'. Use auth instead of loginscr for web server authentication with cookie. See issue about authentication by application.
Clear user authentication cookie and redirect to URL given or $ENV{HTTP_REFERER}
Check authentication cookie. Dies on corrupted. Returns empty if no cookie. Uses Digest
Get authentication cookie data, undef if not exists. May be used to detect authentication cookie existence
Set authentication cookie, redirect, exit Uses $ENV{REMOTE_USER} and $ENV{REMOTE_ADDR} for cookie data. Uses Digest
List (array ref) of user and group names. Options are: 'u'sers only, 'g'roups only, default is '-ug'. Form with hash ref may be used to get names and labels of them. Labels begin with user name, comma, and blank sign.
Groups array ref user belongs to
User names Server's Domain name - Windows NT or DNS domain name. See also userver.
userver
Current user name. Result of web server or script authentication: $ENV{REMOTE_USER} ||$ENV{AUTH_USER}... ||signchk
User names Server name - Windows NT or DNS host name. See also usdomain.
usdomain
ugroups on Win32 returns global group names prefixed with domain name for users from foreign domains.
Filtered rows with space chars only 'findgrp.exe' may return.
-adsi switch, attempting to use a Windows 2000 ADSI, see issues in the source code
Implemented and Documented
? AuthDBMUserFile('user'=>), AuthDBMGroupFile('user'=>'groups') ? AuthDBUserFile, AuthDBGroupFile
- All platform and authentication method specifics could not be implemented in a one module. Another authentication support modules may be needed. - Application (password, not web server) authentication interferes with web server access control to a files. So, if application publishes files via URLs, this URLs should operate via scripts, or only web server authentication should be used.
Andrew V Makarow <makarow@mail.com>
8 POD Errors
The following errors were encountered while parsing the POD:
You forgot a '=back' before '=head2'
'=item' outside of any '=over'
To install CGI::Bus, copy and paste the appropriate command in to your terminal.
cpanm
cpanm CGI::Bus
CPAN shell
perl -MCPAN -e shell install CGI::Bus
For more information on module installation, please visit the detailed CPAN module installation guide.