X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/825e2b1378b1def4980e36642ed84999599eb017..f32f6411ff604a879151ab329907afca351ea3b6:/doc/plugins/passwordauth/discussion.mdwn diff --git a/doc/plugins/passwordauth/discussion.mdwn b/doc/plugins/passwordauth/discussion.mdwn index 672970c21..50e21062e 100644 --- a/doc/plugins/passwordauth/discussion.mdwn +++ b/doc/plugins/passwordauth/discussion.mdwn @@ -77,3 +77,75 @@ as the script handler, or only on `mod_perl` to be installed and loaded. * [http://www.openfusion.com.au/labs/mod_auth_tkt/](mod_auth_tkt) along with CPAN's `Apache::AuthTkt` --[[intrigeri]] + +I've more or less managed to implement something based on `mod_perl` and +`Apache::AuthenHook`, respectively in Debian packages `libapache2-mod-perl2` +and `libapache-authenhook-perl`. + +In the Apache VirtualHost configuration, I have added the following: + + PerlLoadModule Apache::AuthenHook + PerlModule My::IkiWikiBasicProvider + + + AuthType Basic + AuthName "wiki" + AuthBasicProvider My::IkiWikiBasicProvider + Require valid-user + ErrorDocument 401 /test/ikiwiki.cgi?do=signin + + + Satisfy any + + +The perl module lies in `/etc/apache2/My/IkiWikiBasicProvider.pm`: + + package My::IkiWikiBasicProvider; + + use warnings; + use strict; + use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED); + use Storable; + use Authen::Passphrase; + + sub userinfo_retrieve () { + my $userinfo=eval{ Storable::lock_retrieve("/var/lib/ikiwiki/test/.ikiwiki/userdb") }; + return $userinfo; + } + + sub handler { + my ($r, $user, $password) = @_; + my $field = "password"; + + if (! defined $password || ! length $password) { + return Apache2::Const::DECLINED; + } + my $userinfo = userinfo_retrieve(); + if (! length $user || ! defined $userinfo || + ! exists $userinfo->{$user} || ! ref $userinfo->{$user}) { + return Apache2::Const::DECLINED; + } + my $ret=0; + if (exists $userinfo->{$user}->{"crypt".$field}) { + error $@ if $@; + my $p = Authen::Passphrase->from_crypt($userinfo->{$user}->{"crypt".$field}); + $ret=$p->match($password); + } + elsif (exists $userinfo->{$user}->{$field}) { + $ret=$password eq $userinfo->{$user}->{$field}; + } + if ($ret) { + return Apache2::Const::OK; + } + return Apache2::Const::DECLINED; + } + + 1; + +This setup also allows people with the master password to create their own +account. + +I'm not really fluent in Perl, and all this can probably be improved (*or +might destroy your computer as it is* and YMMV). + +-- [[Lunar]]