NAME
   Plack::Middleware::Auth::Digest - Digest authentication

SYNOPSIS
     enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
         authenticator => sub {
             my ($username, $env) = @_;
             return $password; # for $username
         };

     # Or return MD5 hash of "$username:$realm:$password"
     enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
         password_hashed => 1,
         authenticator => sub { return $password_hashed };

DESCRIPTION
   Plack::Middleware::Auth::Digest is a Plack middleware component that
   enables Digest authentication. Your "authenticator" callback is called
   using two parameters: a username as a string and the PSGI $env hash.
   Your callback should return a password, either as a raw password or a
   hashed password.

CONFIGURATIONS
   authenticator
       A callback that takes a username and PSGI $env hash and returns a
       password for the user, either in a plaintext password or a MD5 hash
       of "username:realm:password" (quotes not included) when
       "password_hashed" option is enabled.

   password_hashed
       A boolean (0 or 1) to indicate whether "authenticator" callback
       returns passwords in a plaintext or hashed. Defaults to 0
       (plaintext).

   realm
       A string to represent the realm. Defaults to *restricted area*.

   secret
       Server secret text string that is used to sign nonce. Required.

   nonce_ttl
       Time-to-live seconds to prevent replay attacks. Defaults to 60.

LIMITATIONS
   This middleware expects that the application has a full access to the
   headers sent by clients in PSGI environment. That is normally the case
   with standalone Perl PSGI web servers such as Starman or
   HTTP::Server::Simple::PSGI.

   However, in a web server configuration where you can't achieve this
   (i.e. using your application via mod_perl, CGI or FastCGI), this
   middleware does not work since your application can't know the value of
   "Authorization:" header.

   If you use Apache as a web server and CGI or mod_perl to run your PSGI
   application, you can use mod_rewrite to pass the Authorization header to
   the application with the rewrite rule like following.

     RewriteEngine on
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

AUTHOR
   Yuji Shimada <[email protected]>

   Tatsuhiko Miyagawa

SEE ALSO
   Plack::Middleware::Auth::Basic

LICENSE
   This library is free software; you can redistribute it and/or modify it
   under the same terms as Perl itself.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.