Description

The rack-kerberos library is a Rack library that uses Kerberos to authenticate users against your Kerberos server.

Prerequisites

rack 1.0.0 or later
krb5-auth 0.7 or later

Usage

use Rack::Auth::Kerberos, "user_field", "password_field", "YOUR.REALM_NAME"

Default Fields

The default user field is “username”. The default password field is “password”. The default realm is whatever you’ve got set in your krb5.conf file.

Details

This rack library only handles requests that contain a username and password parameter. If both are not present, the request is forwarded normally.

If a username and password are detected, then they’re authenticated against your Kerberos server. If valid, then env is set to the username and env is deleted. If invalid, then env is deleted and env is set to an error message explaining what went wrong.

Note that if env or env are already set, then the request is forwarded normally.

Some details are logged in env, primarily for debugging purposes, if needed.
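
The flow above forwards requests that carry no credentials, so the application behind the middleware has to fail closed. The following is an added sketch of that flow and such a downstream check, not the library's own code; the env key names, the AuthFlowSketch class and the stub verifier standing in for the Kerberos server are assumptions made for illustration.

```ruby
require 'uri'
require 'stringio'

# Placeholder env keys (assumptions): substitute the keys the library sets.
USER_KEY = 'example.auth_user'
FAIL_KEY = 'example.auth_fail'

# Sketch of the decision flow described in Details. The verifier is a
# stand-in for the Kerberos check: nil on success, error message on failure.
class AuthFlowSketch
  def initialize(app, verifier, user_field = 'username', password_field = 'password')
    @app, @verifier, @user_field, @password_field = app, verifier, user_field, password_field
  end

  def call(env)
    # A result is already recorded in env: forward normally.
    return @app.call(env) if env[USER_KEY] || env[FAIL_KEY]

    params = URI.decode_www_form(env['rack.input'].read).to_h
    env['rack.input'].rewind
    user, password = params[@user_field], params[@password_field]
    # Missing credentials are not an error here; the request is forwarded.
    return @app.call(env) unless user && password

    error = @verifier.call(user, password)
    if error
      env.delete(USER_KEY)
      env[FAIL_KEY] = error
    else
      env[USER_KEY] = user
      env.delete(FAIL_KEY)
    end
    @app.call(env)
  end
end

# Downstream app that fails closed: no authenticated user, no content.
PROTECTED_APP = lambda do |env|
  return [401, { 'content-type' => 'text/plain' }, [env[FAIL_KEY] || 'login required']] unless env[USER_KEY]
  [200, { 'content-type' => 'text/plain' }, ["hello #{env[USER_KEY]}"]]
end

# Constructed stand-in for the Kerberos server: one hard-coded account.
STUB_VERIFIER = ->(user, password) { user == 'alice' && password == 's3cret' ? nil : 'invalid credentials' }

# Runs one constructed form POST through the stack and returns the Rack triplet.
def respond(form_body)
  stack = AuthFlowSketch.new(PROTECTED_APP, STUB_VERIFIER)
  stack.call({ 'REQUEST_METHOD' => 'POST', 'rack.input' => StringIO.new(form_body) })
end
```

A request with no credentials reaches PROTECTED_APP untouched, which is why the 401 has to come from the application rather than from the middleware.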

TODO

Handle other types of authentication, e.g. HTTP basic auth where a username and password are submitted, instead of only looking in request params.

Authors

Daniel Berger
Charlie O’Keefe
Marty Haught