Authen-SASL
6 results

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN 

Authen-SASL 2.14 -- Thu Mar 11 08:21:07 CST 2010

  * Documentation updates  [Yann Kerherve]
  * Added server API description [Yann Kerherve]
  * Bugfixes to LOGIN, PLAIN and DIGEST_MD5 [Yann Kerherve]
  * Added server support for LOGIN, PLAINaand DIGEST_MD5 [Yann Kerherve]
  * Compatiblity with Authen::SASL::XS [Yann Kerherve]

Authen-SASL 2.13 -- Thu Sep 24 17:27:47 CDT 2009

  * RT#42191 Only use pass for GSSAPI credentials if it is an object of type GSSAPI::Cred
  * RT#675 Authorization with Authen::SASL::Perl::External
  * Call client_new and server_new inside eval so further plugins can be tried before failing
  * Prefer to use Authen::SASL::XS over Authen::SASL::Cyrus

Authen-SASL 2.12 -- Mon Jun 30 21:35:21 CDT 2008

Enhancements
  * GSSAPI implement protocol according to RFC, but by default, remain compatible with cyrus sasl lib
  * DIGEST-MD5 implement channel encryption layer

lib/Authen/SASL/Perl.pod  view on Meta::CPAN 

exclusively used for Kerberos 5.


=item LOGIN

The LOGIN SASL Mechanism as defined in IETF Draft
draft-murchison-sasl-login-XX.txt allows  the
combination of username and clear-text password to be used
in a SASL mechanism.

It does not provide a security layer and sends the credentials
in clear over the wire.
Thus this mechanism should not be used without adequate security
protection.


=item PLAIN

The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
username and clear-text password combinations in SASL environments.

Like LOGIN it sends the credentials in clear over the network
and should not be used without sufficient security protection.

=back

As for server support, only I<PLAIN>, I<LOGIN> and I<DIGEST-MD5> are supported
at the time of this writing.

C<server_new> OPTIONS is a hashref that is only relevant for I<DIGEST-MD5> for
now and it supports the following options:

lib/Authen/SASL/Perl/DIGEST_MD5.pm  view on Meta::CPAN 

# 'qop="auth",qop="auth-int"' is the same as 'qop="auth,auth-int"

    'qop'         => $qop,
    'cipher'      => [ map { $_->{name} } @ourciphers ],
  );
  my $final_response = _response(\%response);
  $cb->($final_response);
  return;
}

sub client_step {   # $self, $server_sasl_credentials
  my ($self, $challenge) = @_;
  $self->{server_params} = \my %sparams;

  # Parse response parameters
  $self->_parse_challenge(\$challenge, server => $self->{server_params})
    or return $self->set_error("Bad challenge: '$challenge'");

  if ($self->{state} == 1) {
    # check server's `rspauth' response
    return $self->set_error("Server did not send rspauth in step 2")

lib/Authen/SASL/Perl/GSSAPI.pm  view on Meta::CPAN 

  $sasl = Authen::SASL->new( mechanism => 'GSSAPI',
 			     callback => { pass => $mycred });

  $sasl->client_start( $service, $host );

=head1 DESCRIPTION

This method implements the client part of the GSSAPI SASL algorithm,
as described in RFC 2222 section 7.2.1 resp. draft-ietf-sasl-gssapi-XX.txt.

With a valid Kerberos 5 credentials cache (aka TGT) it allows
to connect to I<service>@I<host> given as the first two parameters
to Authen::SASL's client_start() method.  Alternatively, a GSSAPI::Cred
object can be passed in via the Authen::SASL callback hash using
the `pass' key.

Please note that this module does not currently implement a SASL
security layer following authentication. Unless the connection is
protected by other means, such as TLS, it will be vulnerable to
man-in-the-middle attacks. If security layers are required, then the
L<Authen::SASL::XS> GSSAPI module should be used instead.

lib/Authen/SASL/Perl/GSSAPI.pm  view on Meta::CPAN 

=item authname

The authorization identity to be used in SASL exchange

=item gssmech

The GSS mechanism to be used in the connection

=item pass 

The GSS credentials to be used in the connection (optional)

=back


=head1 EXAMPLE

 #! /usr/bin/perl -w

 use strict;
use warnings;

lib/Authen/SASL/Perl/LOGIN.pm  view on Meta::CPAN 

=head3 Server

=over 4

=item getsecret(username)

returns the password associated with C<username>

=item checkpass(username, password)

returns true and false depending on the validity of the credentials passed
in arguments.

=back

=head1 SEE ALSO

L<Authen::SASL>,
L<Authen::SASL::Perl>

=head1 AUTHORS

lib/Authen/SASL/Perl/PLAIN.pm  view on Meta::CPAN 

The user's password to be used for authentication.

=back

=head3 Server

=over 4

=item checkpass(username, password, realm)

returns true and false depending on the validity of the credentials passed
in arguments.

=back

=head1 SEE ALSO

L<Authen::SASL>,
L<Authen::SASL::Perl>

=head1 AUTHORS



( run in 0.581 second using v1.01-cache-2.11-cpan-4d50c553e7e )