view release on metacpan or  search on metacpan

pod/v2/afsperlktct.pod  view on Meta::CPAN

=item B<endTime>

Expiration date of the token.

=item B<sessionKey>

Session encryption key of the token.

=item B<kvno>

Key version number associated with the Session encryption key.

=item B<ticketLen>

The length in bytes of the data stored in the attribute 'ticket'.

=item B<ticket>

The server ticket to use for the principal.

=back

=head1 METHODS

=over 4

=item B<CONSTRUCTOR>

=item S< >

=item B<$ok = AFS::KTC_TOKEN-E<gt>GetAuthToken(USER, EKEY, LIFE [, PWEXP]);>

Creates a token for the service KA_TICKET_GRANTING_SERVICE (a ticket
granting ticket, TGT) for a particular USER and saves it in the memory
(kernel token cache).  EKEY contains the user's encryption key and
LIFE indicates how long the token will be valid (in seconds, given in
5 minute intervals).  If PWEXP (default -1) is given it returns the
number of days till the password expires. USER must be an instance of
AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. B<This
method must be performed first before you can get any service token
(method GetServerToken)>.  This method calls the AFS system library
function 'ka_GetAuthToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>GetServerToken(SERVICE, LIFE [, NEWTK]);>

Returns a token for the specified SERVICE.  LIFE indicates how long
the token will be valid (in seconds, given in 5 minute intervals). If
NEWTK is set to 1 (default), then the function should get a new token
if necessary. SERVICE must be an instance of AFS::KTC_PRINCIPAL.  It
requires that you already possess a TGT (method GetAuthToken).  It
calls the AFS system library function 'ka_GetServerToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>GetAdminToken(USER, EKEY, LIFE [, NEWTK [, REASON]]);>

Creates an administration token for the specified USER. It saves the
token in the memory (kernel token cache) and additionally it returns
the token.  EKEY contains the encryption key and LIFE indicates how
long the token will be valid (in seconds, given in 5 minute
intervals). If NEWTK is set to 1 (default), then the function should
get a new token if necessary.  On error the error message is returned
in REASON. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an
instance of AFS::KTC_EKEY.  It calls the AFS system library function
'ka_GetAdminToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>nulltoken;>

Returns a NULL token. This token is only for use with the KAS methods
C<AuthServerConn> and C<SingleServerConn>. Do not use it with any other
methods or functions.

=item B<CLASS METHODS>

=item S< >

=item B<($token, $user) = AFS::KTC_TOKEN-E<gt>GetToken(SERVICE);>

Returns the token $token and the principal $user for the specified
principal SERVICE.  It calls the AFS system library function
'ktc_GetToken'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>SetToken(SERVICE, TOKEN, USER [, FLAGS]);>

Stores the TOKEN for the given principal SERVICE and the given
principal USER in the memory (kernel token cache). Possible Flags are
C<AFS_SETTOK_SETPAG> and C<AFS_SETTOK_LOGON>.  It calls the AFS system
library function 'ktc_SetToken'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>UserAuthenticateGeneral(USER, PASSWORD, LIFE, FLAGS [, PWEXP [, REASON]]);>

Undertakes all necessary steps for a complete authentication of
principal USER.  It converts the string PASSWORD (the cleartext
password) for the principal USER to an encryption key. Then it creates
a TGT token. After that it asks for a service token for service I<AFS>
with a life time of LIFE (in seconds, given in 5 minute intervals).
Finally it saves the service token in the memory (kernel token cache).

Possible values for FLAGS are C<KA_USERAUTH_VERSION> and
C<KA_USERAUTH_DOSETPAG>.  If PWEXP (default -1) is given it returns the
number of days till the password expires.  On error the error message
is returned in REASON. It calls the AFS system library function
'ka_UserAuthenticateGeneral'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>ForgetAllTokens;>

Discards all of the issuer's tokens.  It calls the AFS system library
function 'ktc_ForgetAllTokens'.

=item B<$token = AFS::KTC_TOKEN-E<gt>FromString(STRING);>

Returns a recovered token from STRING. This STRING was previously
generated with the instance method '$token-E<gt>string'.

=item B<ATTRIBUTES ACCESS>

=item S< >

=item B<$token-E<gt>ATTRIBUTE;>

Retrieves the value for the specified object attribute, where ATTRIBUTE
is one of the above listed object attributes (e.g. C<startTime>).

=item B<INSTANCE METHODS>

=item S< >

=item B<$token-E<gt>string;>

Returns the whole token as a C<string>.

=back

=head1 CURRENT AUTHOR

Norbert E. Gruener E<lt>nog@MPA-Garching.MPG.deE<gt>

=head1 AUTHOR EMERITUS

Roland Schemers E<lt>schemers@slapshot.stanford.eduE<gt>

=head1 COPYRIGHT AND LICENSE

 Copyright (c) 2001-2010 Norbert E. Gruener <nog@MPA-Garching.MPG.de>.
 All rights reserved.

 Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University.
 All rights reserved.

Most of the explanations in this document are taken from the original
AFS documentation.

 AFS-3 Programmer's Reference:
 Authentication Server Interface
 Edward R. Zayas
 Copyright (c) 1991 Transarc Corporation.
 All rights reserved.

 IBM AFS Administration Reference
 Copyright (c) IBM Corporation 2000.
 All rights reserved.