DESCRIPTION

	Apache::AuthCookieDBIRadius is a module that subclasses Apache::AuthCookie 
	and is designed to be directly used for authentication in a mod_perl 
	server.

	It allows you to authenticate against a DBI database -OR- your trusted NT domains
	via a Radius server using a login webpage via AuthCookie.  

	It is a ticket-issuing system that looks up username/passwords in a DBI
	database using generic SQL and issues MD5-checksummed tickets valid for
	a configurable time period.  Incoming requests with tickets are
	checksummed and expire-time checked.

	Upon failure, it then checks a Radius server for authentication.
	(You do not need to run a Radius server to use this.  Actually, 
	Radius authentication is commented out by default.  Uncomment the
	Radius lines in AuthCookieDBIRadius.pm if you intend to use this method
	along with a DBI database.  Most won't be using this method.  You'll need to 
	get Radius authentication working first before using AuthCookieDBIRadius.
	See Apache-AuthenRadius, Authen::Radius and http://www.funk.com/radius/.)

	Included is a sample httpd.conf and login.pl for your review. 


AUTHCOOKIE

	Also included is a slightly customized AuthCookie.pm based on AuthCookie 3.0.  
	Replace with your existing AuthCookie.pm for added customized error messages:

	# Please enter your username and password (default message).

	# Incorrect Password.

	# Incorrect Username (although some say this isn't a good idea, it can 
	  be easily changed to Incorrect Login for the password and username).

	# ERROR! Your session has expired, or your login does not have the proper 
	  access level for this webpage.

	# ERROR! Security error. Too many attempts (shared memory remembers how 
	  many times the user has failed to login, locking them out after	
	  X times).

	# Internal Server Error (usually from an error in the configuration.
	  Error number will tell you exactly where you went wrong.) 

	# ERROR! No Password Supplied.

	# ERROR! No Username Supplied.

	# ERROR! Password did not match.
     
	# ERROR! Authentication Failure (meaning DBI and Radius failed).

 
	Grab $TICKET from the %ENV:

   $TICKET = $ENV{TICKET} || $ENV{REDIRECT_TICKET};
   @split = split(/:/, $TICKET);
   # userid:2000-10-04-09-50-14:2000-10-05-09-50-14:y:y:y:y:n:n:n:n:2852b07llladf
   # 0 = Username
   # 1 = issue date
   # 2 = expiration date
   # 3 = activeuser
   # 4 = a
   # 5 = b
   # 6 = c
   # 7 = d
   # 8 = e
   # 9 = f
	# 10 = g
   # 10 = key

	Now you can issue content based on the users access level.



DEMO

	AuthCookieDBIRadius is currently in production at http://www.s1te.com/secure/. 



SEE ALSO

	perldoc Apache::AuthCookieDBIRadius
	Apache::AuthCookie
	Apache::AuthCookieDBI