[Clipart] ANN: WebService::TicketAuth 1.01

[Bryce Harrington]

WebService::TicketAuth 1.01 is released to CPAN and should be available
for download from here within a few hours:

   http://cpan.uwinnipeg.ca/module/WebService::TicketAuth

This release adds a DBI-based authenication mechanism for SOAP daemons.
This allows for doing client-side password checking against a (for
example) mysql database.

A new example is included in the examples directory showing a working
daemon server/client, with sample files to init the database and a
config file (via Config::Simple) for storing the database password, and
indicating the database, table, and username/password fields to be
used.  Thus, this should permit hooking this class to most any SQL
database system that uses md5 crypt() for password encoding.

Enjoy!  (Feedback welcome!)
Bryce


On Thu, 4 Nov 2004, Bryce Harrington wrote:
> Hi all,
>
> I've expanded a bit on Paul Kulchenko's 'TicketAuth' module to turn it
> into a reusable authentication component for web services, for a project
> I'm working on at OSDL (http://stp.sf.net).  The module is now uploaded
> to CPAN as WebService::TicketAuth.
>
>     http://cpan.uwinnipeg.ca/dist/WebService-TicketAuth
>
> Essentially, I've converted the code into a base class that can be
> derived from to hook it into your site's own password validation
> system.
>
> This differs from other authentication systems on CPAN in that it can be
> run directly atop a SOAP daemon (i.e., no Apache needed).  I've created
> a simple example of this consisting of a derived auth module, a daemon
> script, and two client scripts - one to log in and get a ticket, the
> other to use the ticket to obtain protected access to the service.
>
> Feedback (and patches) are much appreciated.
>
> One area we're a bit stuck on is how to implement an SSL layer on top of
> this - we'd prefer to not send passwords in the clear.  I would much
> appreciate advice on this.
>
> Thanks,
> Bryce Harrington
> bryce at osdl.org