[Clipart] ANN: WebService::TicketAuth 1.01

Bryce Harrington bryce at osdl.org
Wed Nov 10 19:17:47 PST 2004

WebService::TicketAuth 1.01 is released to CPAN and should be available
for download from here within a few hours:


This release adds a DBI-based authenication mechanism for SOAP daemons.
This allows for doing client-side password checking against a (for
example) mysql database.

A new example is included in the examples directory showing a working
daemon server/client, with sample files to init the database and a
config file (via Config::Simple) for storing the database password, and
indicating the database, table, and username/password fields to be
used.  Thus, this should permit hooking this class to most any SQL
database system that uses md5 crypt() for password encoding.

Enjoy!  (Feedback welcome!)

On Thu, 4 Nov 2004, Bryce Harrington wrote:
> Hi all,
> I've expanded a bit on Paul Kulchenko's 'TicketAuth' module to turn it
> into a reusable authentication component for web services, for a project
> I'm working on at OSDL (http://stp.sf.net).  The module is now uploaded
> to CPAN as WebService::TicketAuth.
>     http://cpan.uwinnipeg.ca/dist/WebService-TicketAuth
> Essentially, I've converted the code into a base class that can be
> derived from to hook it into your site's own password validation
> system.
> This differs from other authentication systems on CPAN in that it can be
> run directly atop a SOAP daemon (i.e., no Apache needed).  I've created
> a simple example of this consisting of a derived auth module, a daemon
> script, and two client scripts - one to log in and get a ticket, the
> other to use the ticket to obtain protected access to the service.
> Feedback (and patches) are much appreciated.
> One area we're a bit stuck on is how to implement an SSL layer on top of
> this - we'd prefer to not send passwords in the clear.  I would much
> appreciate advice on this.
> Thanks,
> Bryce Harrington
> bryce at osdl.org

More information about the clipart mailing list