Cross-Platform Pluggable Authentication & Authorization
by flyingmoose (Priest)
on Mar 11, 2004 at 17:51 UTC
flyingmoose has asked for the wisdom of the Perl Monks concerning the following question:
Does anyone know of any Perl mechanisms for doing relatively cross platform (and somewhat pluggable) authentication? Admittedly, this is a pipe dream, but it would be gold if it exists. I see tools such as some starting with Authen and some plugins from OpenThought (but those appear to be only partially completed).
Example APIs I would like to call from a daemon running as root:
Ideally I would like to support ActiveDirectory, LDAP, and so on... but at a bare minimum support for local Windows passwords and local Linux passwords (/etc/passwd) would be a start. I don't need to use foreign authentication systems (aka Unix boxen don't need to know how to check ActiveDirectory), I just need to authenticate with whatever mechanisms are available on the box. Unfortunately, we aren't only supporting Linux, so I can't use PAM and be done with it. Ah, wouldn't THAT be nice :)
Why I'm asking -- well, I need to retrofit some authentication into a Java (ack! run away!) app. Hand-rolled authentication systems are not acceptable per requirements. The logical choice (just using JAAS -- since this is a Java daemon) does not support anything but checking the current user's permissions, so that doesn't meet my requirements of logging in with a username and password for any user. The JAAS folks did a good job of making a tool that doesn't do much, essentially.
Calling out to Perl on the server-side is an admitted hack, but it seems to be a good short-term solution. Writing tons of C++ code and calling JNI (the endorsed way) isn't *that* much better than shelling out to Perl, given logins will not be attempted often. Overhead will be minimal. Plus, if this bails us out, it's bonus points for Perl in the organization.