/usr/share/doc/libapache2-mod-auth-tkt/examples/auth_tkt.rb.README is in libapache2-mod-auth-tkt 2.1.0+dfsg-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
To generate auth_tkt cookies or just the ticket string you can use this
auth_tkt rails library.
Configuration
-------------
Copy auth_tkt.rb to the lib directory of your rails application. Edit it
and set the following values:
1. Set the path to the secret key file (configuration file, usually
02_auth_tkt.conf) for the constant SECRET_KEY_FILE.
2. If you want to use the ticket across multiple subdomains you have to
set a string for your top-level-domain for the constant DOMAIN (e.g.
".yourdomain.com").
Usage
-----
To use the library, include it in your controller using "include AuthTkt".
Creating the cookie string:
Use the function
get_tkt_hash(user, token_list, user_data, base64)
to get a signed cookie string.
Parameters:
The user should be the username.
The token_list may be a group name or any token you want to use, leave it
blank or set it to nil, if you don't want to use any.
The user_data may be any data you want to use, leave it blank or set it
to nil, if you don't want to use any.
The base64 value is a boolean that activates base64 encoding for the
ticket string; the default is false. Keep in mind that this is not
encryption and does not protect your data from being read.
Data encryption to protect your data is not implemented for this library
yet. You should use SSL to prevent anybody from reading your data.
Setting a cookie:
Use the function
set_auth_tkt_cookie(user, domain, token_list, user_data, base64)
to set a cookie directly. Use the parameters as described in the section
above.
The parameter domain will be the value for the domain used in the cookie.
It can be accessed from auth_tkt.rb via AuthTkt::DOMAIN or set to nil, if
none should be used.
Using acts_as_authenticated with auth_tkt
-----------------------------------------
The common plugin acts_as_authenticated adds an out of the box login
system to a rails application.
The plugin acl_system2 adds role support to the acts_as_authenticated
login system.
To use the auth_tkt login with the rails plugins acts_as_authenticated
and acl_system2, and to get an auth_tkt ticket saved with each login, you
have to perform the following steps:
Install and setup the plugins acts_as_authenticated and acl_system2.
Edit the file account_controller.rb:
1. add the line
include AuthTkt
at the top of the class definition
2. add the following two lines
role_titles = (self.current_user.roles.collect { |x| x.title }).join(',')
set_auth_tkt_cookie(self.current_user.login, AuthTkt::DOMAIN, role_titles, nil, true)
after the line
if logged_in?
in the definition of the login function
3. add the following block
if params[:back] and not params[:back].empty?
redirect_to params[:back]
return
end
above the line
redirect_back_or_default(:controller => '/account', :action => 'index')
in the definition of the login function
4. add the line
destroy_auth_tkt_cookie
after the line
cookies.delete :auth_token
in the definition of the logout function
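
Added example, not part of the original README or of auth_tkt.rb: the block in step 3 redirects to whatever URL arrives in params[:back], so the login action should check that value first. The sketch below accepts only local paths and http(s) URLs whose host lies under the ticket domain; the names SafeBack and safe_back_url? are hypothetical.

```ruby
require 'uri'

# Hypothetical helper (not provided by auth_tkt.rb): decides whether the
# "back" URL from step 3 may be used as a redirect target after login.
# domain is the cookie domain, e.g. AuthTkt::DOMAIN (".yourdomain.com"),
# or nil when no shared domain is configured.
module SafeBack
  module_function

  def safe_back_url?(back, domain)
    return false if back.nil? || back.empty?
    # Control characters and backslashes are parsed inconsistently by
    # browsers and servers, so refuse them outright.
    return false if back =~ /[\x00-\x1f\\]/

    uri = URI.parse(back)
    if uri.host.nil?
      # No host: allow only a local absolute path such as "/account/index".
      # This rejects "javascript:" and other scheme-only values.
      return uri.scheme.nil? && back.start_with?('/') && !back.start_with?('//')
    end

    # Absolute (or scheme-relative) URL: require http/https, no embedded
    # credentials, and a host equal to or below the ticket domain.
    return false unless %w[http https].include?(uri.scheme)
    return false if uri.userinfo
    return false if domain.nil? || domain.empty?

    host = uri.host.downcase
    bare = domain.downcase.sub(/\A\./, '')
    host == bare || host.end_with?('.' + bare)
  rescue URI::InvalidURIError
    false
  end
end

# In the login action, the check wraps the redirect from step 3:
#   if SafeBack.safe_back_url?(params[:back], AuthTkt::DOMAIN)
#     redirect_to params[:back]
#     return
#   end
```

When the check fails, the login action falls through to redirect_back_or_default as it would without a back parameter.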