
This queue is for tickets about the Apache-AuthTicket CPAN distribution.

Report information
The Basics
Id: 26092
Status: resolved
Priority: 0/
Queue: Apache-AuthTicket

People
Owner: Nobody in particular
Requestors: ~yaph/cpan/pause/{nospam}/08-02-26 [...] rainbow.in-berlin.de
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.40
Fixed in: 0.90



Subject: IP addr tracking breaks usability in certain settings
I love this module, it works perfectly in our LAN. Unfortunately, one of its security features makes it hardly usable across the internet for us. We have a router that randomly switches TCP connections to one of two DSL lines. As a result, we're constantly being logged out with "tampered_hash", often instantly after logging in. :-( Have you got any idea how to deal with this problem, perhaps more elegantly than to disable this feature at all? (I'm currently $r->connection->remote_ip ('0.0.0.0'); at a few places in my application, using a PerlAccessHandler.)

I've fixed this in the 0.90_02 developer release. You can turn off the inclusion of the IP address in the computed hash with the new TicketCheckIP configuration parameter. I also added TicketCheckBrowser, which, if turned on, will include the client's User-Agent string in the hash. So if you want to just disable the IP, set ${AuthName}TicketCheckIP off; if you want to use the User-Agent string instead, then also add ${AuthName}TicketCheckBrowser on to your PerlSetVars.
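
The following is an added example, not part of the ticket and not Apache::AuthTicket's own code: a simplified model of a ticket cookie whose hash is bound to client attributes, showing why a changed source IP yields "tampered_hash" and what the two switches described in the reply change. The use of HMAC-SHA256, the field layout, the `check_ip`/`check_browser` keys and all sample values are assumptions made for illustration.

```perl
# Simplified model of a client-bound ticket cookie. HMAC-SHA256, the field
# layout and all values are constructed; this is not Apache::AuthTicket's code.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-secret';

# MAC over the ticket fields plus the client attributes the config binds to.
sub ticket_hash {
    my ($cfg, $fields, $client) = @_;
    my @parts = map { "$_=$fields->{$_}" } sort keys %$fields;
    push @parts, "ip=$client->{ip}" if $cfg->{check_ip};
    push @parts, "ua=$client->{ua}" if $cfg->{check_browser};
    return hmac_sha256_hex(join("\0", @parts), $SECRET);
}

# Compare two hex digests without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub issue { my ($cfg, $f, $c) = @_; return +{ %$f, hash => ticket_hash($cfg, $f, $c) } }

sub verify {
    my ($cfg, $cookie, $client) = @_;
    my %fields = %$cookie;
    my $sent   = delete $fields{hash};
    return ct_eq(ticket_hash($cfg, \%fields, $client), $sent) ? 'ok' : 'tampered_hash';
}

my %fields  = (user => 'alice', time => 1203984000, expires => 1203987600);
my $line_a  = { ip => '192.0.2.10',    ua => 'Mozilla/5.0 (demo)' };  # login request
my $line_b  = { ip => '198.51.100.20', ua => 'Mozilla/5.0 (demo)' };  # same browser, other DSL line
my $other   = { ip => '203.0.113.99',  ua => 'curl/8.0 (demo)' };     # copied cookie, other client
my @configs = (
    [ 'CheckIP on,  CheckBrowser off' => { check_ip => 1, check_browser => 0 } ],
    [ 'CheckIP off, CheckBrowser off' => { check_ip => 0, check_browser => 0 } ],
    [ 'CheckIP off, CheckBrowser on ' => { check_ip => 0, check_browser => 1 } ],
);
for my $c (@configs) {
    my ($name, $cfg) = @$c;
    my $cookie = issue($cfg, \%fields, $line_a);
    printf "%s | other line: %-13s | copied cookie: %s\n", $name, verify($cfg, $cookie, $line_b), verify($cfg, $cookie, $other);
}
```

In this model, a cookie with neither binding verifies from any client that presents it, and the User-Agent binding only rejects a replay that sends a different header value. Because the User-Agent is chosen by the client, it is a weaker binding than the source IP.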