                     CGI::Htauth.pm
_____________________________________________________________

                 *****  WARNING  *****
  This version of CGI::Htauth is an early alpha version, very
  much under deveopment, and important features are not working ...
_____________________________________________________________

CGI::Htauth offers a variety of authentication mechanisms to the
CGI programmer.  The main subroutine is &authenticate($config)

$config can be either a string or a filename, and looks a bit
like a simple router configuration, with different authentication
modes to be offered to different IP addresses or ranges. Possible
modes include allow, deny, password and challenge-response.

CGI::Htauth uses Crypt::Tea to provide the encryption engine both
in Perl on the server, and in Javascript on the browser.  It also
uses CGI::FormBuilder and CGI.pm.

To install ( cool ! new ! interactive ! ) just:
   perl Install
(but this doesn't yet work yet under Windows)

that's all ! or you can still do it the old way ...
   perl Makefile.PL
   make
   make test
   make install

For up-to-date source, see http://www.cpan.org/SITES.html

From a non-JavaScript browser, password login works a bit like
username/password login usually works, except that it also checks
that the IP and browser don't change during the session, handles
timeouts, and offers buttons for logout and password changing.

From a JavaScript browser, password login installs the encryption
engine in a parent frameset and remembers the password in a JavaScript
variable there. The user is authenticated by encrypting a random
challenge, so the password is never transmitted.  Once a user is
logged in, subsequent traffic in both directions is encrypted.  The
level of security is more or less equivalent to that offered by ssh
in the mode in which it asks for the user's password and transmits
it over an encrypted connection.  Again, timeouts are handled and
there are built-in buttons for logout and password changing.

Peter J Billam    computing@pjb.com.au    http://www.pjb.com.au
