NAME

MKDoc::Auth - Authentication framework for MKDoc::Core

INSTALLATION

See MKDoc::Setup::Auth.

Once you're done with the install, go to http://<yoursite>/.signup.html to see how it works.

INTERFACE

Whenever a user authenticates, the framework will set a user object which can be accessed in $::MKD_USER.

The $::MKD_USER object MUST have the following methods:

$object->login() - the login of the user.
$object->email() - the email address of the user.
$object->full_name() - the full name of the user.

The $::MKD_USER variable can be undefined.

That's it. MKDoc::Auth does not make any other guarantees. Any piece of code which uses MKDoc::Auth through this interface should be able to use any other authentication layer, provided it implements the simple $::MKD_USER object described above.

FUNCTIONALITY

Installing this product on an MKDoc::Core site will provide the following services:

/.signup.html

Open a new account - sends a confirmation email.

/.confirm.html?<confirm_id>

Activate / confirm a new account.

/.login.html

Login / logout / log as someone else.

/~<login>/.edit.html

Edit user account information.

/~<login>/.remove.html

Remove user account.

/.login-recover.html

Recover lost login information - sends an email.

/.password-recover.html

Recover lost password for a given login - sends an email.

SPECIAL TRICKS

MKDoc::Auth does not use sessions or cookies. It uses plain simple HTTP authentication.

MKDoc::Auth implements a few tricks to make HTTP authentication possible, including optional authentication and logout mechanisms. Those tricks are explained in this paper:

http://wiki.slugbug.org.uk/HTTP_Authentication

ADMINISTRATION & SECURITY

I have plans to build an authorization framework, MKDoc::Authz, which will be working independently of MKDoc::Auth.

Since there is no authorization mechanism in place at the moment, there is currently no administration interface to manage users. An admin interface would mean user privileges, and user privileges would mean an authorization layer.

However, once MKDoc::Authz is done, I plan to release MKDoc::Auth::Admin which will depend on MKDoc::Authz for privilege management.

Meanwhile, MKDoc::Auth implements a very, very simple policy: a given user can only modify or delete his own account.
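
The own-account policy above, written against the $::MKD_USER interface from the INTERFACE section. This is an added example, not MKDoc::Auth's own code: My::User, account_in_path() and may_modify() are hypothetical names, and the exact, case-sensitive login comparison is an assumption.

```perl
use strict;
use warnings;

# Hypothetical stand-in for any authentication layer's user object; it
# provides only the three methods the INTERFACE section requires.
package My::User;
sub new       { my ($class, %args) = @_; return bless { %args }, $class }
sub login     { $_[0]{login} }
sub email     { $_[0]{email} }
sub full_name { $_[0]{full_name} }

package main;

# Hypothetical helper: extract <login> from /~<login>/.edit.html or
# /~<login>/.remove.html. Returns undef for any other path.
sub account_in_path {
    my ($path) = @_;
    return $path =~ m{\A/~([^/]+)/\.(?:edit|remove)\.html\z} ? $1 : undef;
}

# Own-account policy: allow only when a user is authenticated and the
# login in the path is exactly that user's login (assumed case-sensitive).
sub may_modify {
    my ($path) = @_;
    my $target = account_in_path($path);
    return 0 unless defined $target;        # not an account URL
    return 0 unless defined $::MKD_USER;    # optional auth: nobody logged in
    return $::MKD_USER->login() eq $target ? 1 : 0;
}

# Constructed sample requests: [ authenticated login or undef, path ].
my @cases = (
    [ undef,   '/~alice/.edit.html' ],
    [ 'alice', '/~alice/.edit.html' ],
    [ 'alice', '/~bob/.remove.html' ],
    [ 'alice', '/~alice/../~bob/.edit.html' ],
);
for my $case (@cases) {
    my ($login, $path) = @$case;
    # $::MKD_USER may be undefined, so callers must test it before use.
    local $::MKD_USER = defined $login
        ? My::User->new(login => $login, email => "$login\@example.org",
                        full_name => ucfirst $login)
        : undef;
    printf "%-8s %-28s %s\n", $login // '(anon)', $path,
        may_modify($path) ? 'allow' : 'deny';
}
```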

AUTHOR

Copyright 2003 - MKDoc Holdings Ltd.

Author: Jean-Michel Hiver <jhiver@mkdoc.com>

This module is free software and is distributed under the same license as Perl itself. Use it at your own risk.

SEE ALSO

MKDoc::Auth::User, MKDoc::Auth::TempUser, MKDoc::Auth::Handler::AuthenticateOpt, MKDoc::Auth::Handler::Authenticate, MKDoc::Auth::Plugin::Signup, MKDoc::Auth::Plugin::Confirm, MKDoc::Auth::Plugin::Login, MKDoc::Auth::Plugin::Edit, MKDoc::Auth::Plugin::Recover_Login, MKDoc::Auth::Plugin::Recover_Password, MKDoc::Auth::Plugin::Delete, MKDoc::Core

Help us open-source MKDoc. Join the mkdoc-modules mailing list:

mkdoc-modules@lists.webarch.co.uk