[Catalyst] Auth::PAM??

Tomas Doran bobtfish at bobtfish.net
Fri Nov 14 00:40:41 GMT 2008

On 14 Nov 2008, at 00:28, Michael Higgins wrote:

> I had the idea to make an app that authenticates against PAM.
> Can this be done? There is Cat:P:A:C:PAM, but
> [warn] Credential class "Catalyst::Authentication::Credential::PAM"  
> not found, trying deprecated ::Plugin:: style naming.
> Catalyst::Plugin::Authentication::Credential::PAM has no new()  
> method - Attempting to use uninstantiated
> So... too bad that wasn't patched into the module docs somewhere.  
> As you can imagine, it took quite a bit of digging to get it to  
> work enough to tell me it was deprecated. :(

Does it still work though?

It wouldn't be a lot of effort to fixup the module to work with the  
new authentication framework, but AFAIK we should still have pretty  
comprehensive backwards compatibility...

> OK. There is a Authen::Simple option that doesn't apparently work  
> either. Had to run script as superuser to have perms to read /etc/ 
> shadow. Even then, it failed with no particular error.

:-( That's less than optimum. Is that a known Authen::Simple issue  
(and is there a CPAN RT bug open about it)?

> So, maybe someone on the list can suggest some working, non- 
> deprecated way I can authenticate users against those who have a  
> username on the server? Or am I totally wasting my time?

My other suggestion would be to use apache to do your PAM auth in  
some way (assuming that's easier, I've never tried?), make a simple  
static page with basic auth bound to localhost, and use  
Catalyst::Authentication::Credential::HTTP::Proxy to proxy the auth  
from Catalyst to apache...

Probably more than a little batshit insane, but would also mean you  
could authenticate _anything_ on your web server against PAM, which  
could be useful...


More information about the Catalyst mailing list