Authen-Krb5
view release on metacpan or search on metacpan
- Add get_init_creds_keytab (rra@debian.org)
- Add a destructor for Authen::Krb5::Creds (rra@debian.org)
- Add store_cred() method to Authen::Krb5::Ccache (rra@debian.org)
- Reimplement deprecated get_in_tkt_with_password and
get_in_tkt_with_keytab functions to use the the more current
get_init_creds_{password,keytab}, krb5_cc_initialize, and
krb5_cc_store_cred (rra@debian.org)
- Set context to NULL after calling krb5_free_context
(Wolfgang.Friebel@desy.de)
1.6 Add methods for iterating through credentials cache
- (mbrown@fensystems.co.uk) Deprecated init_ets Fix some compiler warnings
1.5 Fix broken compile for Authen::Krb5::Keytab::get_name()
1.4 Added methods for manipulating keytabs (ajk@iu.edu)
- Added keyblock accessor functions to allow use of the session key.
1.3 Added get_in_tkt_with_keytab() function (jorgen@greytower.net)
1.2 Minor fix to support building for Perl 5.6.
lib/Authen/Krb5.pm view on Meta::CPAN
can use this to create a principal from your username.
=head2 C<sname_to_principal(hostname,sname,type)>
Generates a server principal from the given hostname, service, and type.
Type can be one of the following: NT_UNKNOWN, NT_PRINCIPAL, NT_SRV_INST,
NT_SRV_HST, NT_SRV_XHST, NT_UID. See the Kerberos documentation for details.
=head2 C<cc_resolve(name)>
Returns a credentials cache identifier which corresponds to the given name.
'name' must be in the form TYPE:RESIDUAL. See the Kerberos documentation
for more information.
=head2 C<cc_default_name()>
Returns the name of the default credentials cache, which may be equivalent
to KRB5CCACHE.
=head2 C<cc_default()>
Returns a L<Authen::Krb5::Ccache> object representing the default credentials
cache.
=head2 C<kt_resolve(name)>
Returns a L<Authen::Krb5::Keytab> object representing the specified keytab name.
=head2 C<kt_default_name()>
Returns a sting containing the default keytab name.
lib/Authen/Krb5.pm view on Meta::CPAN
representation (not a principal object) for the ticket to acquire. If not
given, it defaults to C<krbtgt/REALM@REALM> for the local realm. Returns an
L<Authen::Krb5::Creds> object or undef on failure.
=head2 C<get_in_tkt_with_password(client,server,password,cc)>
Attempt to get an initial ticket for the client. 'client' is a principal
object for which you want an initial ticket. 'server' is a principal object
for the service (usually C<krbtgt/REALM@REALM>). 'password' is the password
for the client, and 'cc' is a L<Authen::Krb5::Ccache> object representing the
current credentials cache. Returns a Kerberos error code.
Although this interface is deprecated in the Kerberos C libraries, it's
supported in the Perl module. In this module, it's implemented in terms of
C<krb5_get_init_creds_password>, L<krb5_cc_initialize>, and L<krb5_cc_store_cred>.
=head2 C<get_in_tkt_with_keytab(client,server,keytab,cc)>
Obtain an initial ticket for the client using a keytab. 'client' is a
principal object for which you want an initial ticket. 'server' is a
principal object for the service (usually C<krbtgt/REALM@REALM>). 'keytab' is
a keytab object createed with kt_resolve. 'cc' is a L<Authen::Krb5::Ccache>
object representing the current credentials cache. Returns a Kerberos error
code.
Although this interface is deprecated in the Kerberos C libraries, it's
supported in the Perl module. In this module, it's implemented in terms of
L<krb5_get_init_creds_keytab>, L<krb5_cc_initialize>, and L<krb5_cc_store_cred>.
=head2 C<mk_req(auth_context,ap_req_options,service,hostname,in,cc)>
Obtains a ticket for a specified service and returns a C<KRB_AP_REQ> message
suitable for passing to rd_req. 'auth_context' is the L<Authen::Krb5::AuthContext>
object you want to use for this connection, 'ap_req_options' is an OR'ed
representation of the possible options (see Kerberos docs), 'service' is
the name of the service for which you want a ticket (like 'host'), hostname
is the hostname of the server, 'in' can be any user-specified data that can
be verified at the server end, and 'cc' is your credentials cache object.
=head2 C<rd_req(auth_context,in,server,keytab)>
Parses a C<KRB_AP_REQ> message and returns its contents in a L<Authen::Krb5::Ticket>
object. 'auth_context' is the connection's L<Authen::Krb5::AuthContext> object,
'in' is the C<KRB_AP_REQ> message (usually from mk_req), and server is the
expected server's name for the ticket. 'keytab' is a L<Authen::Krb5::Keytab>
object for the keytab you want to use. Specify C<undef> or leave off to use
the default keytab.
lib/Authen/Krb5.pm view on Meta::CPAN
Obtains and sends an authenticated ticket from a client program to a server
program using the filehandle 'fh'. 'version' is an application-defined
version string that recvauth compares to its own version string. 'client'
is the client principal, e.g. C<username@REALM>. 'server' is the service
principal to which you are authenticating, e.g. C<service.hostname@REALM>.
The only useful option right now is C<AP_OPTS_MUTUAL_REQUIRED>, which forces
sendauth to perform mutual authentication with the server. 'in' is a string
that will be received by recvauth and verified by the server--it's up to the
application. 'in_creds' is not yet supported, so just use 'undef' here. 'cc'
should be set to the current credentials cache. sendauth returns true
on success and undefined on failure.
=head2 C<recvauth(auth_context,fh,version,server,keytab)>
Receives authentication data from a client using the sendauth function through
the filehandle 'fh'. 'version' is as described in the sendauth section.
'server' is the server principal to which the client will be authenticating.
'keytab' is a C<Authen::Krb5::Keytab> object specifying the keytab to use for this
service. recvauth returns a C<Authen::Krb5::Ticket> object on success or
undefined on failure.
lib/Authen/Krb5/Ccache.pod view on Meta::CPAN
# PODNAME: Authen::Krb5::Ccache
# ABSTRACT: Kerberos 5 credentials cache object.
__END__
=pod
=encoding UTF-8
=head1 NAME
Authen::Krb5::Ccache - Kerberos 5 credentials cache object.
=head1 VERSION
version 1.906
=head1 METHODS
=head2 C<initialize(p)>
Creates/refreshes a credentials cache for the primary principal 'p'. If the
cache already exists, its contents are destroyed.
=head2 C<store_cred(creds)>
Stores the given credentials, which should be an Authen::Krb5::Creds object
as returned from get_init_creds_password() or get_init_creds_keytab(), in
the cache.
=head2 C<get_name>
Returns the name of the credentials cache.
=head2 C<get_principal>
Returns the primary principal of the credentials cache.
=head2 C<destroy>
Destroys the credentials cache and releases all resources it used.
=head2 C<start_seq_get()>
Returns a cursor that can be passed to I<next_cred()> to read in turn
every credential in the cache.
=head2 C<next_cred(cursor)>
Returns the next credential in the cache as an Authen::Krb5::Creds
object.
lib/Authen/Krb5/Creds.pod view on Meta::CPAN
Returns the renew_till time property of the credential.
=head2 C<server()>
Returns the name of the service principal the credential is for.
=head2 C<client()>
Returns the client principal name (will usually be identical for all
credentials in a credential cache).
=head2 C<ticket()>
Returns the Authen::Krb5::Ticket for this credential.
=head2 C<keyblock()>
Returns the keyblock of the credential.
=head1 AUTHOR
( run in 0.361 second using v1.01-cache-2.11-cpan-4d50c553e7e )