perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Puumala <>
Subject Set AuthName to prompt for sequential passwords
Date Mon, 20 Dec 2010 03:36:16 GMT

I am trying to make a two-factor authentication module, built on
AuthType Basic. (google for Perfect Paper Passwords for the scheme I'm
using).  To make it work, I need to be able to prompt the user to type
in two passwords sequentially.

So, the user comes to the page, apache sends "401 AuthRequired" and
the configured AuthName (this is prompt 1).

The user enters username and first password. The module verifies, and
constructs the second prompt.

In my plan, I'd like to set the AuthName for that client, then send
back "401 AuthRequired" again. The new AuthName realm is prompt 2,
which is shown to the user.

However, I'm having problems changing the AuthName.

I'm starting with extremely simple test bed, using output files to
dump data.

I expected the "Old Auth Name" to be "Testing the Thing", and the "New
Auth Name" to be "Simple String". But the Auth Name doesn't change.

This is my first apache module. Is there something in the intricacies
of the request cycle that I'm missing? Or is there some other obviously
better way to prompt for passwords sequentially?

Server: Windows XP running XAMPP.
Server version: Apache/2.2.14 (Win32)
Server built:   Nov 11 2009 14:29:03
mod_perl/2.0.4 Perl/v5.10.1

------- Auth Handler Skeleton ---------------
package CustomAuth::AuthTwoPW;

use strict;
use Apache2::Const qw(:common);
use Apache2::Access ();

sub handler
  my $r = shift;
  my($res, $sent_pw) = $r->get_basic_auth_pw;

  # debug output
   my $FH;
   open  $FH, ">", "/Documents and Settings/Matt/Desktop/stuff.txt";
   my $stoij = "response is " . $res . "\nSent pw is " . $sent_pw . "\n";
  print $FH $stoij;

  return $res if $res != OK;

  my $user = $r->connection->user;
  unless($user eq "matt" and $sent_pw eq "pw1")

    print $FH "Didnt get good pw, returning AUTH_REQUIRED\n";

    $r->log_error("Didn't get good first password",
    return AUTH_REQUIRED;

  # Got first username/pw combo. RESET, change prompts, and get next set

  # reset prompts
  my $oldval = $r->auth_name("Simple String");
  my $newval = $r->auth_name();

  print $FH "Old authname val is " . $oldval . "\n";
  print $FH "New authname val is " . $newval . "\n";

  # Reset headers so client auth's again

  # ask for second pw

} # closes 'handler'

------- END Auth Handler Skeleton ---------------

------- Debug File Output -----------------
response is 0
Sent pw is pw1
Old authname val is Testing The Thing
New authname val is Testing The Thing
------- END Debug File Output -----------------

------- ModPerl Config ----------------------
LoadFile "C:/Documents and Settings/Matt/My
LoadModule perl_module modules/
LoadModule apreq_module modules/

PerlSwitches -T
PerlPostConfigRequire "C:/Documents and Settings/Matt/My

...[ snip ]...

<Directory "C:/Documents and Settings/Matt/My
  SetHandler perl-script
  AuthName "Testing The Thing"
  AuthType Basic
  PerlOptions +GlobalRequest
  PerlAuthenHandler CustomAuth::AuthTwoPW
  require valid-user

# ASP settings
Include "conf/extra/asp.conf"
------- END ModPerl Config ----------------------

View raw message