NAME
       Config::Access - Perform simple access control

SYNOPSIS
           use strict;                  # not optional (-:
           use Config::Access;


DESCRIPTION
       The Config::Access module provides a method of
       authenticating arbitrary client/service pairs in a way
       very similar to that provided by the TCP wrappers by
       Wietse Venema <wietse@wzv.win.tue.nl> but not limited to
       inetd services and IP/host names.

       This module can be useful for restricting access to
       certain parts of a script to a certain domain.  For
       example, a front end program to some device might deny
       certain users access to certain commands or only allow
       trusted users access to dangerous commands.  The semantics
       of what the client and service names actually mean is
       totally up to the programmer.

       The access control language is very similar to the access
       control language specified in hosts_access(5) for the TCP
       wrappers.  Two configuration files specify access rules.
       A file ending in .allow specifies rules to allow access
       and a file ending in .deny specifies rules to deny access.
       The prefix of these files is specified when a
       Config::Access object is created.

EXAMPLE
       The following scripts form a simple example of using the
       Config::Access module.  The access controls for the
       example correspond to the "mostly closed" model of the TCP
       wrappers.

         cat > test.pl << 'EOF'
         #!/usr/bin/perl

         use strict;
         use Config::Access;

         my($access) = Config::Access->new("example");
         my($user) = getpwuid($UID);

         if (!$access->access_query("beans", $user)) {
             print("Access to service 'beans' denied for user ", $user, "\n");
         }

         if ($access->access_query("ham", $user)) {
             print("Access to service 'ham' allowed for user ", $user, "\n");
         }
         EOF


         cat > example.allow << 'EOF'
         # Example allow file.  Allow all users to service 'ham' and only
         # selected users to service 'beans'.
         beans: tpot, markus
         ham: ALL
         EOF

         cat > example.deny << 'EOF'
         # Example deny file.  Deny all clients access to all services unless
         # specifically allowed above.
         ALL: ALL
         EOF


COPYRIGHT

         Copyright (c) 1995,1996,1997,1998 ANU and CSIRO on behalf of the
         participants in the CRC for Advanced Computational Systems
         ('ACSys').

         ACSys makes this software and all associated data and documentation
         ('Software') available free of charge.  You may make copies of the
         Software but you must include all of this notice on any copy.

         The Software was developed for research purposes and ACSys does not
         warrant that it is error free or fit for any purpose.  ACSys
         disclaims any liability for all claims, expenses, losses, damages
         and costs any user may incur as a result of using, copying or
         modifying the Software.


AUTHOR
       Tim Potter <Tim.Potter@anu.edu.au>
