[Catalyst] Auth::PAM??
Tomas Doran
bobtfish at bobtfish.net
Fri Nov 14 00:40:41 GMT 2008
On 14 Nov 2008, at 00:28, Michael Higgins wrote:
> I had the idea to make an app that authenticates against PAM.
>
> Can this be done? There is Cat:P:A:C:PAM, but
>
> [warn] Credential class "Catalyst::Authentication::Credential::PAM"
> not found, trying deprecated ::Plugin:: style naming.
> [error] THIS IS DEPRECATED:
> Catalyst::Plugin::Authentication::Credential::PAM has no new()
> method - Attempting to use uninstantiated
>
> So... too bad that wasn't patched into the module docs somewhere.
> As you can imagine, it took quite a bit of digging to get it to
> work enough to tell me it was deprecated. :(
>
Does it still work though?
It wouldn't be a lot of effort to fixup the module to work with the
new authentication framework, but AFAIK we should still have pretty
comprehensive backwards compatibility...
> OK. There is a Authen::Simple option that doesn't apparently work
> either. Had to run script as superuser to have perms to read /etc/
> shadow. Even then, it failed with no particular error.
>
:-( That's less than optimum. Is that a known Authen::Simple issue
(and is there a CPAN RT bug open about it)?
> So, maybe someone on the list can suggest some working, non-
> deprecated way I can authenticate users against those who have a
> username on the server? Or am I totally wasting my time?
My other suggestion would be to use apache to do your PAM auth in
some way (assuming that's easier, I've never tried?), make a simple
static page with basic auth bound to localhost, and use
Catalyst::Authentication::Credential::HTTP::Proxy to proxy the auth
from Catalyst to apache...
Probably more than a little batshit insane, but would also mean you
could authenticate _anything_ on your web server against PAM, which
could be useful...
Cheers
t0m
More information about the Catalyst
mailing list