Free to authenticate software for linux

Courier Authentication Library is an API toolkit for implementing password validation and account metadata lookups. Copies of this library code used to exist in other tarballs: Courier, Courier-IMAP, and SqWebMail. Building and installing any of these packages wouldve automatically installed this authentication code.
The authentication library is now a separate, standalone package. This authentication library must now be installed, separately, before upgrading to the following builds (or if installing them for the first time): Courier 0.48, Courier-IMAP 4.0, and SqWebMail 5.0.
The Courier authentication library provides authentication services for other Courier applications. In this context, the term "authentication" refers to the following functions:
1. Take a userid or a loginid, and a password. Determine whether the loginid and the password are valid.
2. Given a userid, obtain the following information about the userid:
A. The accounts home directory.
B. The numeric system userid and groupid that owns all files associated with this account.
C. The location of the accounts maildir.
D. Any maildir quota defined for this account. See the Courier documentation for more information on maildir quotas.
E. Other miscellaneous account-specific options.
3. Change the password associated with a loginid.
4. Obain a complete list of all loginids.
The Courier authentication library provides alternative implementations of these authentication services:
1. Use the traditional system password files: /etc/passwd and /etc/shadow, possibly in conjunction with the PAM library.
2. Maintain all this information in a GDBM or a DB database. The GDBM or the DB database is compiled from plain text files. Perl scripts provide a simple interface for creating and editing the authentication information, then a script compiles the plain text files into a database.
3. Use an LDAP server for authentication.
4. Use a table in a MySQL database for authentication.
5. Use a table in a PostgreSQL database for authentication.
All Courier components that use this authentication library, therefore, will be able to authenticate E-mail accounts using any of the above methods.
Enhancements:
- This release fixes many compiler warnings, updates the LDAP API to OpenLDAP 2.3, tweaks the Makefile to make Solariss linker happy, and cleans up the RPM spec file.

Authenticated User Community project is a CGI-based intranet system for K-12 settings.

AUC (Authenticated User Community) is an intranet system designed for use in an educational organization but is also useful in many other settings.

It offers the ability for users to have a uniform web-based interface to discussion forums, e-mail (similar to hotmail, etc.), file management, and a searchable user database.

Also, "Interactive Classrooms" provide a means for students and teachers to have a web-based extension to their in-class interaction.

The system runs from a C-based monolithic CGI script. MySQL is used for database storage. Also, the web-based mail client supports MIME parts/attachments, IMAP, mbox, and multiple mail folders.

mod-auth-pipe is a module of authentication written for Apache 1 (it hasnt been tested with Apache 2, but it may work).

Actually, this module is just mod-auth-shadow with a few modifications in order to accept any program as a pipe, letting this one validate both users andr groups.

mod_auth_pipe contents the module itself and an example pipe.

mod-auth-pipe can be configured independantly for whole server, for any VirtualHost or just per Location/Directory. It has very few configuration variables and its format is very simple. In order to configure apache to authenticate, for example, access to the administrative interface of oscommerce you can type this on your httpd.conf:

< Directory /var/www/oscommerce/catalog/admin >
AuthType Basic
AuthName osCommerce admin site
AuthPipe on
AuthPipeProgram /usr/local/bin/auth-pipe
require group oscommerce-admins
< /Location >

This way, and with a well-made auth-pipe program you can be sure that only those within the group oscommerce-admins could enter that section of your web.

Auth MemCookie is an Apache v2 authentification and authorization modules are based on "cookie" authentification mecanism.

The module dont make authentification by it self, but verify if authentification "the cookie" are valid for each url protected by the module. The module validate also if the "authentificated user" have authorisation to acces url.

Authentification are made externaly by an authentification form page and all authentification information nessary to the module a stored in memcached indentified by the cookie value "authentification session id" by this login page.

How it Works

Phase 1 : The login Form

Authentification are made by a login formular page.
This login page must authenticate the user with any authenticate source (ldap, /etc/password, file, database....) accessible to langage of the page (php, perl, java... an ldap login page sample in php are in samples directory).

Then must set cookie that contain only a key the "authentification unique id" of the "authentification session".

The login page must store authorisation and user information of the authenticated user in memcached identified by the cookie key "authentification unique id".

The login page can be developted in any langage you want, but must be capable to use memcached (they must have memcache client api for us)

Phase 2 : The Apache v2 Module

After the user are logged, the apache 2 module check on each protected page by apache ACL the presence of the "cookie".

if the "cookie" exist, try to get session in memcached with the "cookie" value if not found return "HTTP_UNAUTHORIZED" page.

if session exist in memcached verify if acl match user session information if not match return "HTTP_FORBIDDEN" page.

CGI::Application::Plugin::Authentication::Driver::DBI is a DBI Authentication driver.

SYNOPSIS

use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;

__PACKAGE__->authen->config(
DRIVER => [ DBI,
DBH => $self->dbh,
TABLE => user,
CONSTRAINTS => {
user.name => __CREDENTIAL_1__,
MD5:user.password => __CREDENTIAL_2__
},
],
);

This Authentication driver uses the DBI module to allow you to authenticate against any database for which there is a DBD module. You can either provide an active database handle, or provide the parameters necesary to connect to the database.
When describing the database structure, you need to specify some or all of the following parameters: TABLE(S), JOIN_ON, COLUMNS and CONSTRAINTS.

DBH

The DBI database handle to use. Defaults to $self-dbh()>, which is provided and configured through CGI::Application::Plugin::DBH

TABLE(S) (required)

Provide either a single table name, or an array of table names. You can give the table names aliases which can be referenced in later columns.

TABLE => users,

- or -

TABLES => [users U, domains D],
JOIN_ON (conditionally required)
If you have specified multiple tables, then you need to provide an SQL expression that can be used to join those tables.
JOIN_ON => user.domainid = domain.id,

- or -

JOIN_ON => U.domainid = D.id,

CGI::Application::Plugin::Authentication::Driver::Dummy is a dummy authentication driver which lets anyone authenticate regardless of the password they provide

SYNOPSIS

use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;

__PACKAGE__->authen->config(
DRIVER => Dummy,
);

This Driver is the anti-authentication driver, since it doesnt check the credentials at all, and just accepts whatever the user has entered. It can be useful in development, or if you want a guest based system without passwords.

EXAMPLE

__PACKAGE__->authen->config(
DRIVER => Dummy,
);

METHODS

verify_credentials

This method will automatically return the first credential as the username without checking anything else.

NTLM Authorization Proxy Server is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol.
Since version 0.9.5 APS has an ability to behave as a standalone proxy server and authenticate http clients at web servers using NTLM method.
It can change arbitrary values in your clients request header so that those requests will look like they were created by MS IE. It is written in Python v1.5.2 language.
Main features:
- supports NTLM authentication via parent proxy server (Error 407 Proxy Authentication Required);
- supports NTLM authentication at web servers (Error 401 Access Denied/Unauthorized);
- supports translation of NTLM scheme to standard "Basic" authentication scheme;
- supports the HTTPS CONNECT method for transparent tunnelling through parent proxy server;
- has ability to change arbitrary values in clients request headers;
- supports unlimited number of client connections;
- supports connections from external hosts;
- supports HTTP 1.1 persistent connections;
- stores users credentials in config file or requests password from a console during the start time;
- supports intelligent failure detection and failover between multiple upstream proxies;
Enhancements:
- This release fixes a minor bug with Python 1.5.2 compatibility.