Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Plack::Middleware::AutUseriContributed Perl Plack::Middleware::Auth::Digest(3)

NAME
       Plack::Middleware::Auth::Digest - Digest	authentication

SYNOPSIS
	 enable	"Auth::Digest",	realm => "Secured", secret => "blahblahblah",
	     authenticator => sub {
		 my ($username,	$env) =	@_;
		 return	$password; # for $username
	     };

	 # Or return MD5 hash of "$username:$realm:$password"
	 enable	"Auth::Digest",	realm => "Secured", secret => "blahblahblah",
	     password_hashed =>	1,
	     authenticator => sub { return $password_hashed };

DESCRIPTION
       Plack::Middleware::Auth::Digest is a Plack middleware component that
       enables Digest authentication. Your "authenticator" callback is called
       using two parameters: a username	as a string and	the PSGI $env hash.
       Your callback should return a password, either as a raw password	or a
       hashed password.

CONFIGURATIONS
       authenticator
	   A callback that takes a username and	PSGI $env hash and returns a
	   password for	the user, either in a plaintext	password or a MD5 hash
	   of "username:realm:password"	(quotes	not included) when
	   "password_hashed" option is enabled.

       password_hashed
	   A boolean (0	or 1) to indicate whether "authenticator" callback
	   returns passwords in	a plaintext or hashed. Defaults	to 0
	   (plaintext).

       realm
	   A string to represent the realm. Defaults to	restricted area.

       secret
	   Server secret text string that is used to sign nonce. Required.

       nonce_ttl
	   Time-to-live	seconds	to prevent replay attacks. Defaults to 60.

LIMITATIONS
       This middleware expects that the	application has	a full access to the
       headers sent by clients in PSGI environment. That is normally the case
       with standalone Perl PSGI web servers such as Starman or
       HTTP::Server::Simple::PSGI.

       However,	in a web server	configuration where you	can't achieve this
       (i.e. using your	application via	Apache's mod_cgi), this	middleware
       does not	work since your	application can't know the value of
       "Authorization:"	header.

       If you use Apache as a web server and CGI to run	your PSGI application,
       you can either a) compile Apache	with
       "-DSECURITY_HOLE_PASS_AUTHORIZATION" option, or b) use mod_rewrite to
       pass the	Authorization header to	the application	with the rewrite rule
       like following.

	 RewriteEngine on
	 RewriteRule .*	- [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

AUTHOR
       Yuji Shimada <xaicron@cpan.org>

       Tatsuhiko Miyagawa

COPYRIGHT
       Yuji Shimada, Tatsuhiko Miyagawa	2010-

SEE ALSO
       Plack::Middleware::Auth::Basic

LICENSE
       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.24.1			  2015-03-31Plack::Middleware::Auth::Digest(3)

NAME | SYNOPSIS | DESCRIPTION | CONFIGURATIONS | LIMITATIONS | AUTHOR | COPYRIGHT | SEE ALSO | LICENSE

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Plack::Middleware::Auth::Digest&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help