DBD-pNET


pNETagent.PL


=head2 Host based encryption

You can force a client to use encryption. The following example
accepts connections from 192.168.1.* only if they are encrypted with
the DES algorithm and the key C<0123456789abcdef>:

    accept 192\.168\.1\.
        encryption DES
        key 0123456789abcdef
        encryptModule Crypt::DES

    deny .*

You are by no means bound to use DES. pNETagent just expects a certain
API, namely the methods I<new>, I<keysize>, I<blocksize>, I<encrypt>
and I<decrypt>. IDEA, for example, is another choice. The above example
will be mapped to this Perl source:

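    $encryptModule = "Crypt::DES";
    $encryption = "DES";
    $key = "0123456789abcdef";

    # $encryptModule is interpolated into the eval'ed string; the other
    # variables are escaped so that they are resolved when the code runs.
    eval "use $encryptModule;"
       . "\$crypt = \$encryption->new(pack('H*', \$key));";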

I<encryptModule> defaults to I<encryption>; it is only needed because
of the brain damaged design of I<Crypt::IDEA> and I<Crypt::DES>, where
module name and class name differ.

=head2 User based authorization

The I<users> attribute allows you to restrict access to certain users.
For example, the following allows only the users C<joe> and C<jack>
from host C<alpha> and C<joe> and C<mike> from C<beta>:

    accept alpha
        users joe jack

pNETagent.PL

        users joe mike

=head2 User based encryption

Although host based encryption is fine, you might still wish to force
different users to use different encryption secrets. Here's how it
goes:

    accept alpha
        users joe jack
        jack encrypt="Crypt::DES,DES,fedcba9876543210"
        joe encrypt="Crypt::IDEA,IDEA,0123456789abcdef0123456789abcdef"

This would force jack to encrypt with I<DES> and key C<fedcba9876543210>
and joe with I<IDEA> and C<0123456789abcdef0123456789abcdef>. The three
fields of the I<encrypt> entries correspond to the I<encryptModule>,
I<encryption> and I<key> attributes of the host based encryption.
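
The following is an added example, not pNETagent's own code: one way to turn
a three-field I<encrypt> entry into a cipher object without a string eval,
checking the package names, the hex key and the five expected methods first.
C<load_cipher> and C<Demo::Xor8> are hypothetical names, and the code assumes
that I<keysize> can be called on the class and returns the key length in bytes.

```perl
use strict;
use warnings;

# Constructed stand-in so the example runs without CPAN modules. It is NOT a
# real cipher; it only offers the five methods pNETagent expects.
package Demo::Xor8 {
    sub new       { my ($class, $key) = @_; return bless { k => $key }, $class }
    sub keysize   { 8 }
    sub blocksize { 8 }
    sub encrypt   { my ($self, $blk) = @_; return $blk ^ $self->{k} }
    sub decrypt   { my ($self, $blk) = @_; return $blk ^ $self->{k} }
}
$INC{'Demo/Xor8.pm'} = __FILE__;    # mark the inline package as already loaded

# Parse "Module,Class,hexkey" and return a cipher object, or die with a reason.
sub load_cipher {
    my ($spec) = @_;
    my @f = split /,/, $spec, -1;
    die "need exactly three fields\n" unless @f == 3;
    my ($module, $class, $hexkey) = @f;
    for ($module, $class) {         # plain package names only, nothing else
        die "bad package name '$_'\n" unless /\A[A-Za-z_]\w*(?:::\w+)*\z/a;
    }
    die "key must be an even number of hex digits\n"
        unless $hexkey =~ /\A(?:[0-9A-Fa-f]{2})+\z/;
    (my $file = "$module.pm") =~ s{::}{/}g;
    require $file;                  # loads by file name, no code is interpolated
    for my $m (qw(new keysize blocksize encrypt decrypt)) {
        die "$class lacks method $m\n" unless $class->can($m);
    }
    my $key = pack 'H*', $hexkey;
    die sprintf("%s wants a %d-byte key, got %d\n",
                $class, $class->keysize, length $key)
        unless length($key) == $class->keysize;
    return $class->new($key);
}

# Constructed sample entries: one valid, one short key, one bad module field.
for my $spec ('Demo::Xor8,Demo::Xor8,fedcba9876543210',
              'Demo::Xor8,Demo::Xor8,fedcba98',
              'Demo::Xor8;1,Demo::Xor8,fedcba9876543210') {
    my $cipher = eval { load_cipher($spec) };
    if ($cipher) {
        my $ct = $cipher->encrypt('8 bytes!');
        printf "%s ok, round trip %s\n", $spec,
            $cipher->decrypt($ct) eq '8 bytes!' ? 'matches' : 'FAILS';
    } else {
        print "$spec rejected: $@";
    }
}
```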

You will have noticed the problem: user based encryption can only be
used once the user has already logged in. Thus we recommend using
both host based and user based encryption: The former will be used

t/pNET.mtest

    die "Need \$test_dsn being set in lib.pl.\n";
}
if ($dbdriver eq 'Ingres') {
    $hostname = $ENV{'II_HOST'} || $ENV{'PNET_HOST'} || 'localhost';
} else {
    $hostname = $ENV{'PNET_HOST'} || 'localhost';
}
TryToConnect($hostname, $test_dsn, $test_user, $test_password);
$dsn = "DBI:pNET:hostname=$hostname:port=3334";
$@ = '';
eval "use Crypt::DES";
if (!$@) {
    $dsn .= ":key=0123456789abcdef:cipher=DES";
    $cipherDef .= "        encryption DES\n"
        . "        key 0123456789abcdef\n"
        . "        encryptModule Crypt::DES\n";
    eval "use Crypt::IDEA";
    if (!$@) {
        $dsn .= ":userkey=0123456789abcdef0123456789abcdef"
            . ":usercipher=IDEA";
        $cipherDef .= "        $test_user encrypt=\"Crypt::IDEA,IDEA,"
            . "0123456789abcdef0123456789abcdef\"\n";
    }
}
$test_dsn = "$dsn:dsn=DBI:$dbdriver:test";


