# NAME

Plack::Middleware::Auth::Negotiate - Negotiate authentication middleware (SPNEGO)

# VERSION

version 0.172130

# SYNOPSIS

```perl
use Plack::Builder;
my $app = sub { ... };

builder {
   enable 'Auth::Negotiate', keytab => 'FILE:www.keytab';
   $app;
};
```

# DESCRIPTION

Plack::Middleware::Auth::Negotiate provides Negotiate (SPNEGO) authentication
for your Plack application (for use with Kerberos).

This is a very alpha module, and I am still testing some of the security corner
cases. Help wanted.

# CONFIGURATION

- keytab: path to the keytab to use. This value is set as
`$ENV{KRB5_KTNAME}` if provided.

Note that there is no option for matching URLs. You can do this yourself with
[Plack::Middleware::Conditional](https://metacpan.org/pod/Plack::Middleware::Conditional)'s `enable_if` syntax (for [Plack::Builder](https://metacpan.org/pod/Plack::Builder)).

# TODO

- More security testing.
- Ability to specify a list of valid realms. If REALM.EXAMPLE.COM trusts
REALM.FOOBAR.COM, and we don't want to allow REALM.FOOBAR.COM users, we have to
check after accepting the ticket.
- Option to automatically trim the @REALM.EXAMPLE.COM portion of the user
value.
- Method to also provide Basic auth if Negotiate fails.
- Some way to cooperate with other Auth middleware. `enable_if` is your
best bet right now (with different URLs for each type of authentication, and
writing a session).
- Better interaction with [Plack::Middleware::Session](https://metacpan.org/pod/Plack::Middleware::Session), since this
authentication is slow in my experience.
- Better implementation of the actual RFC.
- Custom "Authorization Required" message

# SEE ALSO

[Plack](https://metacpan.org/pod/Plack), [Plack::Builder](https://metacpan.org/pod/Plack::Builder), [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic)

[GSSAPI](https://metacpan.org/pod/GSSAPI), mod\_auth\_kerb

# ACKNOWLEDGEMENTS

This code is based off of [Plack::Middleware::Auth::Basic](https://metacpan.org/pod/Plack::Middleware::Auth::Basic) and a sample script
provided with [GSSAPI](https://metacpan.org/pod/GSSAPI).

# AUTHOR

Adrian Kreher <[email protected]>

# COPYRIGHT AND LICENSE

This software is Copyright (c) 2011 by Adrian Kreher <[email protected]>.

This is free software, licensed under:

```perl
The (three-clause) BSD License
```

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.