<html><head></head><body bgcolor="#FFFFFF"><div>You don't need to store the password... You just need to have a session id that has a short lifetime while you browse.</div><div><br></div><div><br></div><div>You can tie that session id with an IP address for additional security.</div><div><br>Francisco</div><div><br>On Feb 27, 2012, at 1:06 PM, Birger Burkhardt <<a href="mailto:sysdev41@googlemail.com">sysdev41@googlemail.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>Hi Francisco,<br><br>Thank you for your reply. I already use sessions (FastMmap for Storage and Cookies for State). I can log in to the GUI via my LDAP credentials. But the problem is: every further request has to be done with my personal credentials. Therefore the password should be stored somewhere safe. I don't want to store the user password in an unencrypted session variable.<br>
<br>Best regards,<br>Birger<br><br><br><div class="gmail_quote">On Mon, Feb 27, 2012 at 6:52 PM, Francisco Obispo <span dir="ltr"><<a href="mailto:fobispo@isc.org">fobispo@isc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Birger,<br>
<br>
Once you've authenticated with LDAP, or with any backend, it is important that you store the session information somewhere. Some people use a database, memcached, tmp file, or any other method.<br>
<br>
That way, when the client comes with the next request, he will offer a cookie that can be verified for authorization purposes.<br>
<br>
francisco<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On Feb 27, 2012, at 2:30 AM, Birger Burkhardt wrote:<br>
<br>
> Hello Peter,<br>
><br>
> thank you for your reply.<br>
><br>
> No, I am not storing these credentials as I thought the module would do this. I also tried to use the following package, but it doesn't work either:<br>
><br>
> <a href="http://cpansearch.perl.org/src/BOBTFISH/Catalyst-Model-LDAP-FromAuthentication-0.02/README" target="_blank">http://cpansearch.perl.org/src/BOBTFISH/Catalyst-Model-LDAP-FromAuthentication-0.02/README</a><br>
><br>
> According to this changelog (see entry in Version 1.007):<br>
> <a href="http://cpan.uwinnipeg.ca/htdocs/Catalyst-Authentication-Store-LDAP/Changes.html" target="_blank">http://cpan.uwinnipeg.ca/htdocs/Catalyst-Authentication-Store-LDAP/Changes.html</a><br>
> the user object has to be serialized and stored in the session. Do you have an idea how to do this?<br>
><br>
> Best regards,<br>
> Birger<br>
><br>
><br>
> On Sat, Feb 25, 2012 at 3:41 AM, Peter Karman <<a href="mailto:peter@peknet.com">peter@peknet.com</a>> wrote:<br>
> Birger Burkhardt wrote on 2/24/12 7:22 AM:<br>
><br>
> > After successful authentication, all further request<br>
> > should be executed via the credentials of the logged in user.<br>
> ><br>
><br>
> are you somehow storing those credentials so that they persist over the life of<br>
> the session? The LDAP authn plugin does not do that for you, afaik. The<br>
> credentials exist only for the life of that particular login HTTP request.<br>
><br>
> or maybe I'm misunderstanding what you're trying to do?<br>
><br>
> > In the login controller the user is authenticated<br>
> > [...]<br>
> > # Get the username and password from form<br>
> > my $username = $c->request->params->{username};<br>
> > my $password = $c->request->params->{password};<br>
> ><br>
> > # If the username and password values were found in form<br>
> > if ($username && $password) {<br>
> > # Attempt to log the user in<br>
> > if ($c->authenticate({ username => $username,<br>
> > password => $password })) {<br>
> > [...]<br>
> ><br>
> > But when I do a new request from within another controller, I get an LDAP<br>
> > error meaning the credentials are invalid:<br>
> ><br>
> > code in other controller:<br>
> > [...]<br>
> > my $ldapconn = $c->user->ldap_connection();<br>
> > my $mesg = $ldapconn->search( base => "ou=users,dc=example,dc=com",<br>
> > filter => "(uid=*)");<br>
> > my @entries = $mesg->sorted('uid');<br>
> > $c->stash(users => \@entries,);<br>
> > $c->stash(template => 'userList.tt2');<br>
> > [...]<br>
> ><br>
><br>
><br>
> --<br>
> Peter Karman . <a href="http://peknet.com/" target="_blank">http://peknet.com/</a> . <a href="mailto:peter@peknet.com">peter@peknet.com</a><br>
><br>
> _______________________________________________<br>
> List: <a href="mailto:Catalyst@lists.scsys.co.uk">Catalyst@lists.scsys.co.uk</a><br>
> Listinfo: <a href="http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst" target="_blank">http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst</a><br>
> Searchable archive: <a href="http://www.mail-archive.com/catalyst@lists.scsys.co.uk/" target="_blank">http://www.mail-archive.com/catalyst@lists.scsys.co.uk/</a><br>
> Dev site: <a href="http://dev.catalyst.perl.org/" target="_blank">http://dev.catalyst.perl.org/</a><br>
><br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">Francisco Obispo<br>
email: <a href="mailto:fobispo@isc.org">fobispo@isc.org</a><br>
Phone: <a href="tel:%2B1%20650%20423%201374" value="+16504231374">+1 650 423 1374</a> || INOC-DBA *3557* NOC<br>
PGP KeyID = B38DB1BE<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
</div></div></blockquote></div><br>
</div></blockquote></body></html>