228 lines
6.4 KiB
HTML
228 lines
6.4 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of Authen::SASL::Perl</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>Authen::SASL::Perl</H1>
|
|
Section: User Contributed Perl Documentation (3pm)<BR>Updated: 2010-03-11<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
|
|
|
|
|
|
|
|
<PRE>
|
|
use Authen::SASL qw(Perl);
|
|
|
|
$sasl = Authen::SASL->new(
|
|
mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
|
|
callback => {
|
|
user => $user,
|
|
pass => \&fetch_password
|
|
}
|
|
);
|
|
|
|
</PRE>
|
|
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
|
|
|
|
<B>Authen::SASL::Perl</B> is the pure Perl implementation of <FONT SIZE="-1">SASL</FONT> mechanisms
|
|
in the <B>Authen::SASL</B> framework.
|
|
<P>
|
|
|
|
At the time of this writing it provides the client part implementation
|
|
for the following <FONT SIZE="-1">SASL</FONT> mechanisms:
|
|
<DL COMPACT>
|
|
<DT id="1"><FONT SIZE="-1">ANONYMOUS</FONT><DD>
|
|
|
|
|
|
The Anonymous <FONT SIZE="-1">SASL</FONT> Mechanism as defined in <FONT SIZE="-1">RFC 2245</FONT> resp.
|
|
in <FONT SIZE="-1">IETF</FONT> Draft draft-ietf-sasl-anon-03.txt from February 2004
|
|
provides a method to anonymously access internet services.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Since it does no authentication it does not need to send
|
|
any confidential information such as passwords in plain text
|
|
over the network.
|
|
<DT id="2"><FONT SIZE="-1">CRAM-MD5</FONT><DD>
|
|
|
|
|
|
The <FONT SIZE="-1">CRAM-MD5 SASL</FONT> Mechanism as defined in <FONT SIZE="-1">RFC2195</FONT> resp.
|
|
in <FONT SIZE="-1">IETF</FONT> Draft draft-ietf-sasl-crammd5-XX.txt
|
|
offers a simple challenge-response authentication mechanism.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Since it is a challenge-response authentication mechanism
|
|
no passwords are transferred in clear-text over the wire.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Due to the simplicity of the protocol <FONT SIZE="-1">CRAM-MD5</FONT> is susceptible
|
|
to replay and dictionary attacks, so <FONT SIZE="-1">DIGEST-MD5</FONT> should be used
|
|
in preferrence.
|
|
<DT id="3"><FONT SIZE="-1">DIGEST-MD5</FONT><DD>
|
|
|
|
|
|
The <FONT SIZE="-1">DIGEST-MD5 SASL</FONT> Mechanism as defined in <FONT SIZE="-1">RFC 2831</FONT> resp.
|
|
in <FONT SIZE="-1">IETF</FONT> Draft draft-ietf-sasl-rfc2831bis-XX.txt
|
|
offers the <FONT SIZE="-1">HTTP</FONT> Digest Access Authentication as <FONT SIZE="-1">SASL</FONT> mechanism.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Like <FONT SIZE="-1">CRAM-MD5</FONT> it is a challenge-response authentication
|
|
method that does not send plain text passwords over the network.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Compared to <FONT SIZE="-1">CRAM-MD5, DIGEST-MD5</FONT> prevents chosen plaintext
|
|
attacks, and permits the use of third party authentication servers,
|
|
so that it is recommended to use <FONT SIZE="-1">DIGEST-MD5</FONT> instead of <FONT SIZE="-1">CRAM-MD5</FONT>
|
|
when possible.
|
|
<DT id="4"><FONT SIZE="-1">EXTERNAL</FONT><DD>
|
|
|
|
|
|
The <FONT SIZE="-1">EXTERNAL SASL</FONT> mechanism as defined in <FONT SIZE="-1">RFC 2222</FONT>
|
|
allows the use of external authentication systems as <FONT SIZE="-1">SASL</FONT> mechanisms.
|
|
<DT id="5"><FONT SIZE="-1">GSSAPI</FONT><DD>
|
|
|
|
|
|
The <FONT SIZE="-1">GSSAPI SASL</FONT> mechanism as defined in <FONT SIZE="-1">RFC 2222</FONT> resp. <FONT SIZE="-1">IETF</FONT> Draft
|
|
draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security Service
|
|
Application Program Interface [<FONT SIZE="-1">GSSAPI</FONT>] <FONT SIZE="-1">KERBEROS V5</FONT> as as <FONT SIZE="-1">SASL</FONT> mechanism.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Although <FONT SIZE="-1">GSSAPI</FONT> is a general mechanism for authentication it is almost
|
|
exlusively used for Kerberos 5.
|
|
<DT id="6"><FONT SIZE="-1">LOGIN</FONT><DD>
|
|
|
|
|
|
The <FONT SIZE="-1">LOGIN SASL</FONT> Mechanism as defined in <FONT SIZE="-1">IETF</FONT> Draft
|
|
draft-murchison-sasl-login-XX.txt allows the
|
|
combination of username and clear-text password to be used
|
|
in a <FONT SIZE="-1">SASL</FONT> mechanism.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
It does does not provide a security layer and sends the credentials
|
|
in clear over the wire.
|
|
Thus this mechanism should not be used without adequate security
|
|
protection.
|
|
<DT id="7"><FONT SIZE="-1">PLAIN</FONT><DD>
|
|
|
|
|
|
The Plain <FONT SIZE="-1">SASL</FONT> Mechanism as defined in <FONT SIZE="-1">RFC 2595</FONT> resp. <FONT SIZE="-1">IETF</FONT> Draft
|
|
draft-ietf-sasl-plain-XX.txt is another <FONT SIZE="-1">SASL</FONT> mechanism that allows
|
|
username and clear-text password combinations in <FONT SIZE="-1">SASL</FONT> environments.
|
|
|
|
|
|
<P>
|
|
|
|
|
|
Like <FONT SIZE="-1">LOGIN</FONT> it sends the credentials in clear over the network
|
|
and should not be used without sufficient security protection.
|
|
</DL>
|
|
<P>
|
|
|
|
As for server support, only <I></I><FONT SIZE="-1"><I>PLAIN</I></FONT><I></I>, <I></I><FONT SIZE="-1"><I>LOGIN</I></FONT><I></I> and <I></I><FONT SIZE="-1"><I>DIGEST-MD5</I></FONT><I></I> are supported
|
|
at the time of this writing.
|
|
<P>
|
|
|
|
<TT>"server_new"</TT> <FONT SIZE="-1">OPTIONS</FONT> is a hashref that is only relevant for <I></I><FONT SIZE="-1"><I>DIGEST-MD5</I></FONT><I></I> for
|
|
now and it supports the following options:
|
|
<DL COMPACT>
|
|
<DT id="8">- no_integrity<DD>
|
|
|
|
|
|
|
|
<DT id="9">- no_confidentiality<DD>
|
|
|
|
|
|
|
|
</DL>
|
|
<P>
|
|
|
|
which configures how the security layers are negotiated with the client (or
|
|
rather imposed to the client).
|
|
<A NAME="lbAE"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
|
|
|
|
Authen::SASL,
|
|
Authen::SASL::Perl::ANONYMOUS,
|
|
Authen::SASL::Perl::CRAM_MD5,
|
|
Authen::SASL::Perl::DIGEST_MD5,
|
|
Authen::SASL::Perl::EXTERNAL,
|
|
Authen::SASL::Perl::GSSAPI,
|
|
Authen::SASL::Perl::LOGIN,
|
|
Authen::SASL::Perl::PLAIN
|
|
<A NAME="lbAF"> </A>
|
|
<H2>AUTHOR</H2>
|
|
|
|
|
|
|
|
Peter Marschall <<A HREF="mailto:peter@adpm.de">peter@adpm.de</A>>
|
|
<P>
|
|
|
|
Please report any bugs, or post any suggestions, to the perl-ldap mailing list
|
|
<<A HREF="mailto:perl-ldap@perl.org">perl-ldap@perl.org</A>>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>COPYRIGHT</H2>
|
|
|
|
|
|
|
|
Copyright (c) 2004-2006 Peter Marschall.
|
|
All rights reserved. This document is distributed, and may be redistributed,
|
|
under the same terms as Perl itself.
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="10"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="11"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="12"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="13"><A HREF="#lbAE">SEE ALSO</A><DD>
|
|
<DT id="14"><A HREF="#lbAF">AUTHOR</A><DD>
|
|
<DT id="15"><A HREF="#lbAG">COPYRIGHT</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:36 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|