suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4c89183f2b
man-pages/man3/Authen::SASL::Perl::GSSAPI.3pm.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

217 lines
5.6 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of Authen::SASL::Perl::GSSAPI</TITLE>
</HEAD><BODY>
<H1>Authen::SASL::Perl::GSSAPI</H1>
Section: User Contributed Perl Documentation (3pm)<BR>Updated: 2010-03-11<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberosv5) Authentication class
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<PRE>
use Authen::SASL qw(Perl);
$sasl = Authen::SASL-&gt;new( mechanism =&gt; 'GSSAPI' );
$sasl = Authen::SASL-&gt;new( mechanism =&gt; 'GSSAPI',
callback =&gt; { pass =&gt; $mycred });
$sasl-&gt;client_start( $service, $host );
</PRE>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
This method implements the client part of the <FONT SIZE="-1">GSSAPI SASL</FONT> algorithm,
as described in <FONT SIZE="-1">RFC 2222</FONT> section 7.2.1 resp. draft-ietf-sasl-gssapi-XX.txt.
<P>
With a valid Kerberos 5 credentials cache (aka <FONT SIZE="-1">TGT</FONT>) it allows
to connect to <I>service</I>@<I>host</I> given as the first two parameters
to Authen::SASL's <I>client_start()</I> method. Alternatively, a GSSAPI::Cred
object can be passed in via the Authen::SASL callback hash using
the `pass' key.
<P>
Please note that this module does not currently implement a <FONT SIZE="-1">SASL</FONT>
security layer following authentication. Unless the connection is
protected by other means, such as <FONT SIZE="-1">TLS,</FONT> it will be vulnerable to
man-in-the-middle attacks. If security layers are required, then the
Authen::SASL::XS <FONT SIZE="-1">GSSAPI</FONT> module should be used instead.
<A NAME="lbAE">&nbsp;</A>
<H3><FONT SIZE="-1">CALLBACK</FONT></H3>
The callbacks used are:
<DL COMPACT>
<DT id="1">authname<DD>
The authorization identity to be used in <FONT SIZE="-1">SASL</FONT> exchange
<DT id="2">gssmech<DD>
The <FONT SIZE="-1">GSS</FONT> mechanism to be used in the connection
<DT id="3">pass<DD>
The <FONT SIZE="-1">GSS</FONT> credentials to be used in the connection (optional)
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLE</H2>
<PRE>
#! /usr/bin/perl -w
use strict;
use Net::LDAP 0.33;
use Authen::SASL 2.10;
# -------- Adjust to your environment --------
my $adhost = 'theserver.bla.net';
my $ldap_base = 'dc=bla,dc=net';
my $ldap_filter = '(&amp;(sAMAccountName=BLAAGROL))';
my $sasl = Authen::SASL-&gt;new(mechanism =&gt; 'GSSAPI');
my $ldap;
eval {
$ldap = Net::LDAP-&gt;new($adhost,
onerror =&gt; 'die')
or die &quot;Cannot connect to LDAP host '$adhost': '$@'&quot;;
$ldap-&gt;bind(sasl =&gt; $sasl);
};
if ($@) {
chomp $@;
die &quot;\nBind error : $@&quot;,
&quot;\nDetailed SASL error: &quot;, $sasl-&gt;error,
&quot;\nTerminated&quot;;
}
print &quot;\nLDAP bind() succeeded, working in authenticated state&quot;;
my $mesg = $ldap-&gt;search(base =&gt; $ldap_base,
filter =&gt; $ldap_filter);
# -------- evaluate $mesg
</PRE>
<A NAME="lbAG">&nbsp;</A>
<H3><FONT SIZE="-1">PROPERTIES</FONT></H3>
The properties used are:
<DL COMPACT>
<DT id="4">maxbuf<DD>
The maximum buffer size for receiving cipher text
<DT id="5">minssf<DD>
The minimum <FONT SIZE="-1">SSF</FONT> value that should be provided by the <FONT SIZE="-1">SASL</FONT> security layer.
The default is 0
<DT id="6">maxssf<DD>
The maximum <FONT SIZE="-1">SSF</FONT> value that should be provided by the <FONT SIZE="-1">SASL</FONT> security layer.
The default is 2**31
<DT id="7">externalssf<DD>
The <FONT SIZE="-1">SSF</FONT> value provided by an underlying external security layer.
The default is 0
<DT id="8">ssf<DD>
The actual <FONT SIZE="-1">SSF</FONT> value provided by the <FONT SIZE="-1">SASL</FONT> security layer after the <FONT SIZE="-1">SASL</FONT>
authentication phase has been completed. This value is read-only and set
by the implementation after the <FONT SIZE="-1">SASL</FONT> authentication phase has been completed.
<DT id="9">maxout<DD>
The maximum plaintext buffer size for sending data to the peer.
This value is set by the implementation after the <FONT SIZE="-1">SASL</FONT> authentication
phase has been completed and a <FONT SIZE="-1">SASL</FONT> security layer is in effect.
</DL>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
Authen::SASL,
Authen::SASL::Perl
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
Written by Simon Wilkinson, with patches and extensions by Achim Grolms
and Peter Marschall.
<P>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list
&lt;<A HREF="mailto:perl-ldap@perl.org">perl-ldap@perl.org</A>&gt;
<A NAME="lbAJ">&nbsp;</A>
<H2>COPYRIGHT</H2>
Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall.
All rights reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="10"><A HREF="#lbAB">NAME</A><DD>
<DT id="11"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="12"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DL>
<DT id="13"><A HREF="#lbAE"><FONT SIZE="-1">CALLBACK</FONT></A><DD>
</DL>
<DT id="14"><A HREF="#lbAF">EXAMPLE</A><DD>
<DL>
<DT id="15"><A HREF="#lbAG"><FONT SIZE="-1">PROPERTIES</FONT></A><DD>
</DL>
<DT id="16"><A HREF="#lbAH">SEE ALSO</A><DD>
<DT id="17"><A HREF="#lbAI">AUTHORS</A><DD>
<DT id="18"><A HREF="#lbAJ">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:36 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink