OpenXPKI::Server::Authentication::Connector

Passphrase based authentication using connector backend.

Alternative to OpenXPKI::Server::Authentication::Password which checks the password aganist a connector backend using the password as bind parameter.

Returns an instance of OpenXPKI::Server::Authentication::Handle or undef if not login parameters are given.

Configuration

Authentication Only

Requires role to be set, will use the incoming username to query the connector at $prefix.source.$username, sending the password as "bind" password in the data section. Suited connectors are e.g. Connector::Builtin::Authentication::*

    User Password:
        type: Connector
        role: User
        source@: connector:auth.connector.localuser

Authentication plus dedicated userinfo

If you add a node user to the configuration, the class will first perform the authentication and, if successful, run a second query to $prefix.user.$username. The query is done without the password and expects a hash to be returned. The hash will be returned in the userinfo attribute.

    User Password:
        type: Connector
        role: User
        source@: connector:auth.connector.localuser
        user@: connector:auth.connector.userinfo

Combined mode

If only the user node exists, only a single query including the password is done on $prefix.user.$username. The login is successful, if a non-empty hash is returned. The unfiltered hash is set as userinfo.