On 14 Nov 2008, at 00:28, Michael Higgins wrote:
I had the idea to make an app that authenticates against PAM.
Can this be done? There is Cat:P:A:C:PAM, but
[warn] Credential class "Catalyst::Authentication::Credential::PAM"
not found, trying deprecated ::Plugin:: style naming.
[error] THIS IS DEPRECATED:
Catalyst::Plugin::Authentication::Credential::PAM has no new()
method - Attempting to use uninstantiated
So... too bad that wasn't patched into the module docs somewhere.
As you can imagine, it took quite a bit of digging to get it to
work enough to tell me it was deprecated. :(
Does it still work though?
It wouldn't be a lot of effort to fixup the module to work with the
new authentication framework, but AFAIK we should still have pretty
comprehensive backwards compatibility...
OK. There is a Authen::Simple option that doesn't apparently work
either. Had to run script as superuser to have perms to read /etc/
shadow. Even then, it failed with no particular error.
:-( That's less than optimum. Is that a known Authen::Simple issue
(and is there a CPAN RT bug open about it)?
So, maybe someone on the list can suggest some working, non-
deprecated way I can authenticate users against those who have a
username on the server? Or am I totally wasting my time?
My other suggestion would be to use apache to do your PAM auth in
some way (assuming that's easier, I've never tried?), make a simple
static page with basic auth bound to localhost, and use
Catalyst::Authentication::Credential::HTTP::Proxy to proxy the auth
from Catalyst to apache...
Probably more than a little batshit insane, but would also mean you
could authenticate _anything_ on your web server against PAM, which
could be useful...
Cheers
t0m
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
