r1 - 2008-01-22 - 03:21:30 - TWikiContributorYou are here: NTP >  TWiki Web > TWikiLoginManagerTemplateLoginDotPm
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Package TWiki::LoginManager::TemplateLogin

This is a login manager that you can specify in the security setup section of configure. It provides users with a template-based form to enter usernames and passwords, and works with the PasswordManager that you specify to verify those passwords.

Subclass of TWiki::LoginManager; see that class for documentation of the methods of this class.

ClassMethod new ($session,$impl)

Construct the TemplateLogin object

ObjectMethod forceAuthentication () -> boolean

method called when authentication is required - redirects to (...|view)auth Triggered on auth fail

ObjectMethod loginUrl () -> $loginUrl

TODO: why is this not used internally? When is it called, and why Content of a login link

ObjectMethod login ($query,$twiki)

If a login name and password have been passed in the query, it validates these and if authentic, redirects to the original script. If there is no username in the query or the username/password is invalid (validate returns non-zero) then it prompts again.

If a flag to remember the login has been passed in the query, then the corresponding session variable will be set. This will result in the login cookie being preserved across browser sessions.

The password handler is expected to return a perl true value if the password is valid. This return value is stored in a session variable called VALIDATION. This is so that password handlers can return extra information about the user, such as a list of TWiki groups stored in a separate database, that can then be displayed by referring to %SESSION_VARIABLE{"VALIDATION"}%

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiLoginManagerTemplateLoginDotPm