Codex

Authen::SASL::Perl::GSSAPI

Section: User Contributed Perl Documentation (3pm)

Updated: 2010-03-11

Index?action=index Return to Main Contents


NAME

Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberosv5) Authentication class

SYNOPSIS

DESCRIPTION

This method implements the client part of the GSSAPI SASL algorithm, as described in RFC 2222 section 7.2.1 resp. draft-ietf-sasl-gssapi-XX.txt.

With a valid Kerberos 5 credentials cache (aka TGT) it allows to connect to service@host given as the first two parameters to Authen::SASL's client_start() method. Alternatively, a GSSAPI::Cred object can be passed in via the Authen::SASL callback hash using the `pass' key.

Please note that this module does not currently implement a SASL security layer following authentication. Unless the connection is protected by other means, such as TLS, it will be vulnerable to man-in-the-middle attacks. If security layers are required, then the Authen::SASL::XS GSSAPI module should be used instead.

CALLBACK

The callbacks used are:

authname
The authorization identity to be used in SASL exchange:
gssmech
The GSS mechanism to be used in the connection:
pass
The GSS credentials to be used in the connection (optional):

EXAMPLE

PROPERTIES

The properties used are:

maxbuf
The maximum buffer size for receiving cipher text:
minssf
The minimum SSF value that should be provided by the SASL security layer. The default is 0:
maxssf
The maximum SSF value that should be provided by the SASL security layer. The default is 2**31:
externalssf
The SSF value provided by an underlying external security layer. The default is 0:
ssf
The actual SSF value provided by the SASL security layer after the SASL authentication phase has been completed. This value is read-only and set by the implementation after the SASL authentication phase has been completed.:
maxout
The maximum plaintext buffer size for sending data to the peer. This value is set by the implementation after the SASL authentication phase has been completed and a SASL security layer is in effect.:

SEE ALSO

Authen::SASL, Authen::SASL::Perl

AUTHORS

Written by Simon Wilkinson, with patches and extensions by Achim Grolms and Peter Marschall.

Please report any bugs, or post any suggestions, to the perl-ldap mailing list <[email protected]>

COPYRIGHT

Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.


Index

NAME

SYNOPSIS

DESCRIPTION

CALLBACK

EXAMPLE

PROPERTIES

SEE ALSO

AUTHORS

COPYRIGHT