Apache2::AuthenSecurID - Authentication via a SecurID server
# Configuration in httpd.conf or access.conf
PerlModule Apache2::AuthenSecurID
<Location /secure/directory> AuthName SecurID AuthType Basic
PerlAuthenHandler Apache2::AuthenSecurID PerlSetVar AuthCryptKey Encryption_Key PerlSetVar AuthCookie Name_of_Authentication_Cookie PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie PerlSetVar AuthCookiePath /path/of/authentication/cookie PerlSetVar AuthCookieTimeOut 30 PerlSetVar Auth_Handler /path/of/authentication/handler require valid-user </Location>
This module allows authentication against a SecurID server. It detects whether a user has a valid encrypted cookie containing their username and last activity time stamp. If the cookie is valid the module will change the activity timestamp to the present time, encrypt and send the cookie. If the cookie is not valid the module will redirect to the authentication handler to prompt for username and passcode.
AuthCryptKey
The Blowfish key used to encrypt and decrypt the authentication cookie. It defaults to my secret if this variable is not set.
AuthCookie
The name of the of cookie to be set for the authentication token. It defaults to SecurID if this variable is not set.
AuthUserCookie
The name of the of cookie that contains the value of the persons username in plain text. This is checked against the contents of the encrypted cookie to verify user. The cookie is set of other applications can identify authorized users. It defaults to SecurID_User if this variable is not set.
AuthCookiePath
The path of the of cookie to be set for the authentication token. It defaults to / if this variable is not set.
AuthCookieTimeOut
The time in minute a cookie is valid for. It is not recommended to set below 5. It defaults to 30 if this variable is not set.
Auth_Handler
The path of authentication handler. This is the URL which request with invalid cookie are redirected to. The handler will prompt for username and passcode. It does the actual authentication and sets the initial cookie. This mechanism is used instead of get_basic_auth_pw because get_basic_auth_pw will do multiple authentication attempt on pages that contain frames. The ACE server will deny simultaneous authentication attempts since it considers this a type of attack. It defaults to /ace_init if this variable is not set. Please see Apache2::AuthenSecurID::Auth to properly configure this functionality.
The module should be loaded upon startup of the Apache daemon. Add the following line to your httpd.conf:
For AuthenSecurID you need to enable the appropriate call-back hook when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1
AuthenSecurID requires Crypt::Blowfish and Crypt::CBC.
Apache, mod_perl, Authen::ACE Apache2::AuthenSecurID::Auth
mod_perl by Doug MacEachern <dougm@osf.org>
Authen::ACE by Dave Carrigan <Dave.Carrigan@iplenergy.com>
Apache::AuthenSecurID by David Berk <dberk@lump.org>
mod_perl2 port and other modifications by Al Tobey <tobert@gmail.com>
The Apache2::AuthenSecurID module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
4 POD Errors
The following errors were encountered while parsing the POD:
'=item' outside of any '=over'
You forgot a '=back' before '=head1'
To install Apache2::AuthenSecurID, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Apache2::AuthenSecurID
CPAN shell
perl -MCPAN -e shell install Apache2::AuthenSecurID
For more information on module installation, please visit the detailed CPAN module installation guide.