Authen-SASL
6 results

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN 

Authen-SASL 2.14 -- Thu Mar 11 08:21:07 CST 2010

  * Documentation updates  [Yann Kerherve]
  * Added server API description [Yann Kerherve]
  * Bugfixes to LOGIN, PLAIN and DIGEST_MD5 [Yann Kerherve]
  * Added server support for LOGIN, PLAINaand DIGEST_MD5 [Yann Kerherve]
  * Compatiblity with Authen::SASL::XS [Yann Kerherve]

Authen-SASL 2.13 -- Thu Sep 24 17:27:47 CDT 2009

  * RT#42191 Only use pass for GSSAPI credentials if it is an object of type GSSAPI::Cred
  * RT#675 Authorization with Authen::SASL::Perl::External
  * Call client_new and server_new inside eval so further plugins can be tried before failing
  * Prefer to use Authen::SASL::XS over Authen::SASL::Cyrus

Authen-SASL 2.12 -- Mon Jun 30 21:35:21 CDT 2008

Enhancements
  * GSSAPI implement protocol according to RFC, but by default, remain compatible with cyrus sasl lib
  * DIGEST-MD5 implement channel encryption layer

lib/Authen/SASL/Perl.pod  view on Meta::CPAN 

exclusively used for Kerberos 5.


=item LOGIN

The LOGIN SASL Mechanism as defined in IETF Draft
draft-murchison-sasl-login-XX.txt allows  the
combination of username and clear-text password to be used
in a SASL mechanism.

It does not provide a security layer and sends the credentials
in clear over the wire.
Thus this mechanism should not be used without adequate security
protection.

=item OAUTHBEARER

It is one of the methods for OAuth2.0 based authentication.
Instead of a password, an OAUTHBEARER string is passed in a
specific format, described in RFC5801 and RFC7628

It is a newer and more secure method of authentication since it
relies on tokens that have a limited lifespan.

=item PLAIN

The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
username and clear-text password combinations in SASL environments.

Like LOGIN it sends the credentials in clear over the network
and should not be used without sufficient security protection.

=item XOAUTH2

It is one of the methods for OAuth2.0 based authentication.
It has been developed by Google but is used by other email providers
like Outlook as well.
Instead of a password, an XOAUTH2 string is passed in a
specific format. It is documented by Google on:
https://developers.google.com/workspace/gmail/imap/xoauth2-protocol

lib/Authen/SASL/Perl/DIGEST_MD5.pm  view on Meta::CPAN 

# 'qop="auth",qop="auth-int"' is the same as 'qop="auth,auth-int"

    'qop'         => $qop,
    'cipher'      => [ map { $_->{name} } @ourciphers ],
  );
  my $final_response = _response(\%response);
  $cb->($final_response);
  return;
}

sub client_step {   # $self, $server_sasl_credentials
  my ($self, $challenge) = @_;
  $self->{server_params} = \my %sparams;

  # Parse response parameters
  $self->_parse_challenge(\$challenge, server => $self->{server_params})
    or return $self->set_error("Bad challenge: '$challenge'");

  if ($self->{state} == 1) {
    # check server's `rspauth' response
    return $self->set_error("Server did not send rspauth in step 2")

lib/Authen/SASL/Perl/GSSAPI.pm  view on Meta::CPAN 

  $sasl = Authen::SASL->new( mechanism => 'GSSAPI',
 			     callback => { pass => $mycred });

  $sasl->client_start( $service, $host );

=head1 DESCRIPTION

This method implements the client part of the GSSAPI SASL algorithm,
as described in RFC 2222 section 7.2.1 resp. draft-ietf-sasl-gssapi-XX.txt.

With a valid Kerberos 5 credentials cache (aka TGT) it allows
to connect to I<service>@I<host> given as the first two parameters
to Authen::SASL's client_start() method.  Alternatively, a GSSAPI::Cred
object can be passed in via the Authen::SASL callback hash using
the `pass' key.

Please note that this module does not currently implement a SASL
security layer following authentication. Unless the connection is
protected by other means, such as TLS, it will be vulnerable to
man-in-the-middle attacks. If security layers are required, then the
L<Authen::SASL::XS> GSSAPI module should be used instead.

lib/Authen/SASL/Perl/GSSAPI.pm  view on Meta::CPAN 

=item authname

The authorization identity to be used in SASL exchange

=item gssmech

The GSS mechanism to be used in the connection

=item pass 

The GSS credentials to be used in the connection (optional)

=back


=head1 EXAMPLE

 #! /usr/bin/perl -w

 use strict;
use warnings;

lib/Authen/SASL/Perl/LOGIN.pm  view on Meta::CPAN 

=head3 Server

=over 4

=item getsecret(username)

returns the password associated with C<username>

=item checkpass(username, password)

returns true and false depending on the validity of the credentials passed
in arguments.

=back

=head1 SEE ALSO

L<Authen::SASL>,
L<Authen::SASL::Perl>

=head1 AUTHORS

lib/Authen/SASL/Perl/PLAIN.pm  view on Meta::CPAN 

The user's password to be used for authentication.

=back

=head3 Server

=over 4

=item checkpass(username, password, realm)

returns true and false depending on the validity of the credentials passed
in arguments.

=back

=head1 SEE ALSO

L<Authen::SASL>,
L<Authen::SASL::Perl>

=head1 AUTHORS



( run in 0.575 second using v1.01-cache-2.11-cpan-2b1a40005be )