Loading ...
Sorry, an error occurred while loading the content.

ANN: WebService::TicketAuth 1.00

Expand Messages
  • Bryce Harrington
    Hi all, I ve expanded a bit on Paul Kulchenko s TicketAuth module to turn it into a reusable authentication component for web services, for a project I m
    Message 1 of 2 , Nov 4, 2004
    • 0 Attachment
      Hi all,

      I've expanded a bit on Paul Kulchenko's 'TicketAuth' module to turn it
      into a reusable authentication component for web services, for a project
      I'm working on at OSDL (http://stp.sf.net). The module is now uploaded
      to CPAN as WebService::TicketAuth.

      http://cpan.uwinnipeg.ca/dist/WebService-TicketAuth

      Essentially, I've converted the code into a base class that can be
      derived from to hook it into your site's own password validation
      system.

      This differs from other authentication systems on CPAN in that it can be
      run directly atop a SOAP daemon (i.e., no Apache needed). I've created
      a simple example of this consisting of a derived auth module, a daemon
      script, and two client scripts - one to log in and get a ticket, the
      other to use the ticket to obtain protected access to the service.

      Feedback (and patches) are much appreciated.

      One area we're a bit stuck on is how to implement an SSL layer on top of
      this - we'd prefer to not send passwords in the clear. I would much
      appreciate advice on this.

      Thanks,
      Bryce Harrington
      bryce@...


      On Wed, 27 Oct 2004, Paul Kulchenko wrote:

      > Bryce,
      >
      > If you're talking about this module [1] feel free to use and modify
      > it any way you want. It hasn't been uploaded to CPAN only because I
      > wrote it as an example on how it can be done, and it's very much
      > specific to the way SOAP::Lite does things.
      >
      > Technically it's under the same license as Perl itself; if you can
      > keep my name in it is good, if not, that's fine too. If you need
      > anything more formal (like a statement that it's distributed under
      > such and such license) let me know.
      >
      > Paul.
      >
      > [1] http://guide.soaplite.com/TicketAuth.pm_
      >
      > --- Bryce Harrington <bryce@...> wrote:
      >
      > > Hi Paul,
      > >
      > > I'm developing a GPL'd web service. I'd like to use your TicketAuth
      > > module for this - what license are you providing it under? Can I
      > > make use of it under the GPL or Artistic license?
      > >
      > > Also, would you mind if I uploaded it to CPAN?
      > >
      > > Thanks,
      > > Bryce
      > >
      > >
      >
    • Bryce Harrington
      WebService::TicketAuth 1.01 is released to CPAN and should be available for download from here within a few hours:
      Message 2 of 2 , Nov 10, 2004
      • 0 Attachment
        WebService::TicketAuth 1.01 is released to CPAN and should be available
        for download from here within a few hours:

        http://cpan.uwinnipeg.ca/module/WebService::TicketAuth

        This release adds a DBI-based authenication mechanism for SOAP daemons.
        This allows for doing client-side password checking against a (for
        example) mysql database.

        A new example is included in the examples directory showing a working
        daemon server/client, with sample files to init the database and a
        config file (via Config::Simple) for storing the database password, and
        indicating the database, table, and username/password fields to be
        used. Thus, this should permit hooking this class to most any SQL
        database system that uses md5 crypt() for password encoding.

        Enjoy! (Feedback welcome!)
        Bryce


        On Thu, 4 Nov 2004, Bryce Harrington wrote:
        > Hi all,
        >
        > I've expanded a bit on Paul Kulchenko's 'TicketAuth' module to turn it
        > into a reusable authentication component for web services, for a project
        > I'm working on at OSDL (http://stp.sf.net). The module is now uploaded
        > to CPAN as WebService::TicketAuth.
        >
        > http://cpan.uwinnipeg.ca/dist/WebService-TicketAuth
        >
        > Essentially, I've converted the code into a base class that can be
        > derived from to hook it into your site's own password validation
        > system.
        >
        > This differs from other authentication systems on CPAN in that it can be
        > run directly atop a SOAP daemon (i.e., no Apache needed). I've created
        > a simple example of this consisting of a derived auth module, a daemon
        > script, and two client scripts - one to log in and get a ticket, the
        > other to use the ticket to obtain protected access to the service.
        >
        > Feedback (and patches) are much appreciated.
        >
        > One area we're a bit stuck on is how to implement an SSL layer on top of
        > this - we'd prefer to not send passwords in the clear. I would much
        > appreciate advice on this.
        >
        > Thanks,
        > Bryce Harrington
        > bryce@...
      Your message has been successfully submitted and would be delivered to recipients shortly.