Dan Brian wrote: > My point was that I don't need a CPAN module to verify hashes. Features > could include a mechanism for rotating a key on the servers being > accessed, IP verification ... and other features I can't think of. :-)
Apache::AuthTicket does ip verification. Not sure what you mean by "key rotation", but AuthTicket allows you to change the "secret" key in the database periodically. These are used to verify that the ticket has not been tampered with. You can have multiple "secret" keys active at the same time, allowing tickets just issued on the previous key to expire before you remove it from the database. So, for example, you can issue new "secret" keys every 2 hours, and delete all secret keys more than 6 hours old at the same time. AuthTicket will always issue new tickets using the most recent secret key. Not sure if this is the type of thing you are referring to, or if you are looking for something else :). Regards, Michael Schout
