GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PLACK::MIDDLEWARE::AUTH::DIGEST (3)

.ds Aq ’

NAME

Plack::Middleware::Auth::Digest - Digest authentication

CONTENTS

SYNOPSIS



  enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
      authenticator => sub {
          my ($username, $env) = @_;
          return $password; # for $username
      };

  # Or return MD5 hash of "$username:$realm:$password"
  enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
      password_hashed => 1,
      authenticator => sub { return $password_hashed };



DESCRIPTION

Plack::Middleware::Auth::Digest is a Plack middleware component that enables Digest authentication. Your authenticator callback is called using two parameters: a username as a string and the PSGI $env hash. Your callback should return a password, either as a raw password or a hashed password.

CONFIGURATIONS

authenticator A callback that takes a username and PSGI $env hash and returns a password for the user, either in a plaintext password or a MD5 hash of username:realm:password (quotes not included) when password_hashed option is enabled.
password_hashed A boolean (0 or 1) to indicate whether authenticator callback returns passwords in a plaintext or hashed. Defaults to 0 (plaintext).
realm A string to represent the realm. Defaults to restricted area.
secret Server secret text string that is used to sign nonce. Required.
nonce_ttl Time-to-live seconds to prevent replay attacks. Defaults to 60.

LIMITATIONS

This middleware expects that the application has a full access to the headers sent by clients in PSGI environment. That is normally the case with standalone Perl PSGI web servers such as Starman or HTTP::Server::Simple::PSGI.

However, in a web server configuration where you can’t achieve this (i.e. using your application via Apache’s mod_cgi), this middleware does not work since your application can’t know the value of Authorization: header.

If you use Apache as a web server and CGI to run your PSGI application, you can either a) compile Apache with -DSECURITY_HOLE_PASS_AUTHORIZATION option, or b) use mod_rewrite to pass the Authorization header to the application with the rewrite rule like following.



  RewriteEngine on
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]



AUTHOR

Yuji Shimada <xaicron@cpan.org>

Tatsuhiko Miyagawa

COPYRIGHT

Yuji Shimada, Tatsuhiko Miyagawa 2010-

SEE ALSO

Plack::Middleware::Auth::Basic

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 PLACK::MIDDLEWARE::AUTH::DIGEST (3) 2015-03-31

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.