AFS
28 results

 view release on metacpan or  search on metacpan

pod/v2/afsperlktct.pod  view on Meta::CPAN 

#------------------------------------------------------------------------------
# RCS-Id: "@(#)$RCS-Id: pod/v2/afsperlktct.pod 2e2ca60 Tue Apr 15 13:04:20 2014 +0200 Norbert E Gruener$"
#
# © 2001-2014 Norbert E. Gruener <nog@MPA-Garching.MPG.de>
#
# This is free software; you can redistribute it and/or modify it under
# the same terms as the Perl 5 programming language system itself.
#------------------------------------------------------------------------------

=head1 NAME

B<AFS::KTC_TOKEN> - Class to handle the B<AFS structure ktc_token>

=head1 SYNOPSIS

  use AFS::KTC_TOKEN;

  use AFS::KTC_PRINCIPAL;
  use AFS::KTC_EKEY;
  use AFS::Cell qw(localcell);

  my $token = AFS::KTC_TOKEN->nulltoken;
  print "StartTime  = ", $token->startTime, "\n";
  print "EndTime    = ", $token->endTime, "\n";
  print "SessionKey = ", $token->sessionKey, "\n";
  print "Kvno       = ", $token->kvno, "\n";
  print "TicketLen  = ", $token->ticketLen, "\n";
  print "Ticket     = ", $token->ticket, "\n";
  print "String     = ", $token->string, "\n";

  my $index = 0;
  my $service = AFS::KTC_PRINCIPAL->ListTokens($index);
  print "service = ", $service->principal, "\n";
  ($token, my $user) = AFS::KTC_TOKEN->GetToken($service);
  print "  client     = ", $user -> principal, "\n";
  print "  StartTime  = ", $token->startTime, "\n";
  print "  EndTime    = ", $token->endTime, "\n";
  print "  SessionKey = ", $token->sessionKey, "\n";
  print "  Kvno       = ", $token->kvno, "\n";
  print "  TicketLen  = ", $token->ticketLen, "\n";
  print "  Ticket     = ", $token->ticket, "\n";
  print "  String     = ", $token->string, "\n";

  $service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
  ($token, $user) = AFS::KTC_TOKEN->GetToken($service);
  AFS::KTC_TOKEN->ForgetAllTokens();
  AFS::KTC_TOKEN->SetToken($service, $token, $user, 0);

  my $string = $token->string;
  $token = AFS::KTC_TOKEN->FromString($string);
  print "  StartTime  = ", $token->startTime, "\n";
  print "  EndTime    = ", $token->endTime, "\n";

  my $user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
  my $key  = AFS::KTC_EKEY->ReadPassword('nog Password:');
  my $ok   = AFS::KTC_TOKEN->GetAuthToken($user, $key, 600);

  $service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
  $token   = AFS::KTC_TOKEN->GetServerToken($service, 600, 1);

  $user  = AFS::KTC_PRINCIPAL->new('nog','',localcell);
  $key   = AFS::KTC_EKEY->ReadPassword('nog Password:');
  $token = AFS::KTC_TOKEN->GetAdminToken($user, $key, 300);

  $user     = AFS::KTC_PRINCIPAL->new('nog');
  $password = AFS::KTC_EKEY->UserReadPassword("Password:");

  my $pwexp  = 0;
  my $reason = '';
  $ok = AFS::KTC_TOKEN->UserAuthenticateGeneral($user, $password, 300,
            &AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG, $pwexp, $reason);

  AFS::KTC_TOKEN->ForgetAllTokens();

=head1 DESCRIPTION

This class provides methods to handle the B<AFS structure ktc_token>.
This structure contains information about tokens and is used in
the I<Kernel Token Cache> (KTC), which is part of the Cache Manager.

It is used to create, modify, and retrieve B<ktc_token> instances for
different services.  It has methods to retrieve and to reset the
B<ktc_token> attributes.  In order to make proper usage of these methods
it is necessary to have access to AFS::KTC_PRINCIPAL objects and to
AFS::KTC_EKEY objects.

=head1 COMPATIBILITY

B<This release does NOT support any features and interfaces
from version 1.>

=head1 OBJECT ATTRIBUTES

=over 4

=item B<startTime>

Starting date of the token.

=item B<endTime>

Expiration date of the token.

=item B<sessionKey>

Session encryption key of the token.

=item B<kvno>

Key version number associated with the Session encryption key.

=item B<ticketLen>

The length in bytes of the data stored in the attribute 'ticket'.

=item B<ticket>

The server ticket to use for the principal.

=back

=head1 METHODS

=over 4

=item B<CONSTRUCTOR>

=item S< >

=item B<$ok = AFS::KTC_TOKEN-E<gt>GetAuthToken(USER, EKEY, LIFE [, PWEXP]);>

Creates a token for the service KA_TICKET_GRANTING_SERVICE (a ticket
granting ticket, TGT) for a particular USER and saves it in the memory
(kernel token cache).  EKEY contains the user's encryption key and
LIFE indicates how long the token will be valid (in seconds, given in
5 minute intervals).  If PWEXP (default -1) is given it returns the
number of days till the password expires. USER must be an instance of
AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. B<This
method must be performed first before you can get any service token
(method GetServerToken)>.  This method calls the AFS system library
function 'ka_GetAuthToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>GetServerToken(SERVICE, LIFE [, NEWTK]);>

Returns a token for the specified SERVICE.  LIFE indicates how long
the token will be valid (in seconds, given in 5 minute intervals). If
NEWTK is set to 1 (default), then the function should get a new token
if necessary. SERVICE must be an instance of AFS::KTC_PRINCIPAL.  It
requires that you already possess a TGT (method GetAuthToken).  It
calls the AFS system library function 'ka_GetServerToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>GetAdminToken(USER, EKEY, LIFE [, NEWTK [, REASON]]);>

Creates an administration token for the specified USER. It saves the
token in the memory (kernel token cache) and additionally it returns
the token.  EKEY contains the encryption key and LIFE indicates how

pod/v2/afsperlktct.pod  view on Meta::CPAN 

get a new token if necessary.  On error the error message is returned
in REASON. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an
instance of AFS::KTC_EKEY.  It calls the AFS system library function
'ka_GetAdminToken'.

=item B<$token = AFS::KTC_TOKEN-E<gt>nulltoken;>

Returns a NULL token. This token is only for use with the KAS methods
C<AuthServerConn> and C<SingleServerConn>. Do not use it with any other
methods or functions.

=item B<CLASS METHODS>

=item S< >

=item B<($token, $user) = AFS::KTC_TOKEN-E<gt>GetToken(SERVICE);>

Returns the token $token and the principal $user for the specified
principal SERVICE.  It calls the AFS system library function
'ktc_GetToken'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>SetToken(SERVICE, TOKEN, USER [, FLAGS]);>

Stores the TOKEN for the given principal SERVICE and the given
principal USER in the memory (kernel token cache). Possible Flags are
C<AFS_SETTOK_SETPAG> and C<AFS_SETTOK_LOGON>.  It calls the AFS system
library function 'ktc_SetToken'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>UserAuthenticateGeneral(USER, PASSWORD, LIFE, FLAGS [, PWEXP [, REASON]]);>

Undertakes all necessary steps for a complete authentication of
principal USER.  It converts the string PASSWORD (the cleartext
password) for the principal USER to an encryption key. Then it creates
a TGT token. After that it asks for a service token for service I<AFS>
with a life time of LIFE (in seconds, given in 5 minute intervals).
Finally it saves the service token in the memory (kernel token cache).

Possible values for FLAGS are C<KA_USERAUTH_VERSION> and
C<KA_USERAUTH_DOSETPAG>.  If PWEXP (default -1) is given it returns the
number of days till the password expires.  On error the error message
is returned in REASON. It calls the AFS system library function
'ka_UserAuthenticateGeneral'.

=item B<$ok = AFS::KTC_TOKEN-E<gt>ForgetAllTokens;>

Discards all of the issuer's tokens.  It calls the AFS system library
function 'ktc_ForgetAllTokens'.

=item B<$token = AFS::KTC_TOKEN-E<gt>FromString(STRING);>

Returns a recovered token from STRING. This STRING was previously
generated with the instance method '$token-E<gt>string'.

=item B<ATTRIBUTES ACCESS>

=item S< >

=item B<$token-E<gt>ATTRIBUTE;>

Retrieves the value for the specified object attribute, where ATTRIBUTE
is one of the above listed object attributes (e.g. C<startTime>).

=item B<INSTANCE METHODS>

=item S< >

=item B<$token-E<gt>string;>

Returns the whole token as a C<string>.

=back

=head1 CURRENT AUTHOR

Norbert E. Gruener E<lt>nog@MPA-Garching.MPG.deE<gt>

=head1 AUTHOR EMERITUS

Roland Schemers E<lt>schemers@slapshot.stanford.eduE<gt>

=head1 COPYRIGHT AND LICENSE

 Copyright (c) 2001-2010 Norbert E. Gruener <nog@MPA-Garching.MPG.de>.
 All rights reserved.

 Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University.
 All rights reserved.

Most of the explanations in this document are taken from the original
AFS documentation.

 AFS-3 Programmer's Reference:
 Authentication Server Interface
 Edward R. Zayas
 Copyright (c) 1991 Transarc Corporation.
 All rights reserved.

 IBM AFS Administration Reference
 Copyright (c) IBM Corporation 2000.
 All rights reserved.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=over 6

=item The original module is covered by the following copyright:

Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University

Redistribution and use in source and binary forms are permitted
provided that the above copyright notice and this paragraph are
duplicated in all such forms and that any documentation,
advertising materials, and other materials related to such
distribution and use acknowledge that the software was developed
by Stanford University.  The name of the University may not be used
to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.



( run in 0.946 second using v1.01-cache-2.11-cpan-39bf76dae61 )