AFS

pod/v2/afsperlkas.pod

  use AFS::KAS;
  use AFS::KTC_PRINCIPAL;
  use AFS::KTC_TOKEN;
  use AFS::KTC_EKEY;

  my $admin = AFS::KTC_PRINCIPAL->new('admin');
  my $key   = AFS::KTC_EKEY->ReadPassword($admin->name."'s Password:");
  my $token = AFS::KTC_TOKEN->GetAdminToken($admin, $key, 300);
  my $kas   = AFS::KAS->AuthServerConn($token, &AFS::KA_MAINTENANCE_SERVICE);

  my $user  = AFS::KTC_PRINCIPAL->new('xyz');
  my $ukey  = AFS::KTC_EKEY->ReadPassword($user->name."'s Password:");

  my $ok = $kas->create($user->name, $user->instance, $ukey);

  my $flags    = 1;        # (1 = normal, 4 = admin)
  my $expire   = 925715000;# epoch time => 03 May 1999 07:03
  my $maxassoc = 0;
  my $lifetime = 48*60*60; #unit is secs; => 48 hrs
  my $pwexpire = 10;       #number of days
  my $pw_reuse = 2;        #pwreuse allowed: [ 2 = no ]
  my $nfail    = 4;        #(nfail - 1) tries are allowed; => 3 tries
  my $locktime = 3;        #unit is 8.5 min => 3 * (8.5)
  my $spare2   = 0;

  my $packed = (($pwexpire << 24)|($pw_reuse << 16)|($nfail << 8)|$locktime);

  $ok = $kas->setfields($user->name, $user->instance, $flags,
                        $expire, $lifetime, $maxassoc, $packed);

  my $entry = $kas->getentry($user->name, $user->instance);
  $packed   = $$entry{'misc_auth_bytes'};
  $pwexpire = (($packed >> 24) & 0xff);
  my $is_lockd = (($packed >> 16) & 0xff);
  $nfail    = (($packed >>  8) & 0xff);
  $locktime = (($packed >>  0) & 0xff);
  $pw_reuse = $$entry{'passwd_reuse'} - 0x12340000;

  $kas->DESTROY;           # destroy server connection
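
The packed value passed to I<setfields> above holds four 8-bit fields, so a value above 255 in one field would spill into the next. The following is an added example, not code from the AFS module: the helper names C<pack_policy>, C<unpack_policy> and C<describe_policy> are hypothetical, the bit layout and units are taken from the synopsis, and it runs without an AFS connection.

```perl
use strict;
use warnings;

# Hypothetical helpers (not part of the AFS module) for the packed policy word.
# Layout from the synopsis: pwexpire<<24 | pw_reuse<<16 | nfail<<8 | locktime

sub pack_policy {
    my (%f) = @_;
    for my $name (qw(pwexpire pw_reuse nfail locktime)) {
        my $v = $f{$name};
        die "$name is required\n" unless defined $v;
        # Each field owns exactly one byte; anything larger corrupts a neighbour.
        die "$name must be an integer 0..255, got '$v'\n"
            unless $v =~ /\A\d+\z/ && $v <= 0xff;
    }
    return ($f{pwexpire} << 24) | ($f{pw_reuse} << 16)
         | ($f{nfail}    <<  8) |  $f{locktime};
}

sub unpack_policy {
    my ($packed) = @_;
    return (
        pwexpire => ($packed >> 24) & 0xff,  # days
        byte2    => ($packed >> 16) & 0xff,  # pw_reuse as sent; the synopsis
                                             # reads it as $is_lockd on getentry
        nfail    => ($packed >>  8) & 0xff,  # (nfail - 1) tries are allowed
        locktime =>  $packed        & 0xff,  # units of 8.5 minutes
    );
}

sub describe_policy {
    my (%p) = @_;
    return sprintf 'password expires after %d days; %d tries allowed; '
                 . 'lock time %.1f minutes',
        $p{pwexpire}, $p{nfail} - 1, $p{locktime} * 8.5;
}

# Constructed sample values, the same numbers the synopsis uses.
my $packed = pack_policy(pwexpire => 10, pw_reuse => 2, nfail => 4, locktime => 3);
printf "packed = 0x%08x\n", $packed;
print describe_policy(unpack_policy($packed)), "\n";

# nfail = 300 needs 9 bits: shifted by 8 it would set a bit in the pw_reuse
# byte, so pack_policy refuses it instead of sending a silently altered policy.
my $bad = eval { pack_policy(pwexpire => 10, pw_reuse => 2, nfail => 300, locktime => 3) };
print "rejected: $@" unless defined $bad;
```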

=head1 DESCRIPTION

This class is used to communicate with the B<AFS Authentication
Server>.  It verifies user identities and provides the facilities
through which participants in transactions prove their identities to
one another (mutually authenticate). It maintains the Authentication
Database, in which it stores user passwords converted into encryption
key form as well as the AFS server encryption key.  It has methods to
query the information held for any given AFS user and to create,
modify, and delete the records in the DB where the above information
is held.

Before you can access any DB record you must establish a connection to
the Authentication Server.  This is done by the constructor methods
I<SingleServerConn> and I<AuthServerConn> which return a KAS object.  A
KAS object is essentially a handle to talk to an Authentication Server
in a given cell.  Such a KAS object is required before any of the
other KAS instance methods can be called.

=head1 COMPATIBILITY

B<This release does NOT support any features and interfaces
from version 1.>

=head1 METHODS

=over 4

=item B<CONSTRUCTOR>

=item S< >

=item B<$kas = AFS::KAS-E<gt>AuthServerConn(TOKEN, SERVICE [, CELL]);>

Creates a new object of the class AFS::KAS and establishes connections
to all the Authentication Servers in a given CELL (default null).  An
AFS::KAS object is essentially a handle to talk to the Authentication
Server.  Internally an AFS::KAS object is a pointer to a ubik_client
structure, although this may change and the value returned should always
be treated as an opaque handle.  A TOKEN may or may not be needed
depending on the SERVICE.  TOKEN must be an instance of AFS::KTC_TOKEN.
Possible values for SERVICE are

   &AFS::KA_MAINTENANCE_SERVICE
   &AFS::KA_AUTHENTICATION_SERVICE
   &AFS::KA_TICKET_GRANTING_SERVICE

It calls the AFS system library function 'ka_AuthServerConn'.

=item B<$kas = AFS::KAS-E<gt>SingleServerConn(HOST, TOKEN, SERVICE [, CELL]);>

Creates a new object of the class AFS::KAS and establishes a connection
to only one Authentication Server running on HOST in a given CELL
(default null).  An AFS::KAS object is essentially a handle to talk to
the Authentication Server.  Internally an AFS::KAS object is a pointer
to a ubik_client structure, although this may change and the value
returned should always be treated as an opaque handle.  A TOKEN may or
may not be needed depending on the SERVICE.  TOKEN must be an instance
of AFS::KTC_TOKEN.  Possible values for SERVICE are

   &AFS::KA_MAINTENANCE_SERVICE

It calls the AFS system library function 'ka_SingleServerConn'.

=item B<DESTRUCTOR>

=item S< >

=item B<$kas-E<gt>DESTROY;>

Destroys the ubik connection to the Authentication Server and frees the
ubik connection structure.

=item B<INSTANCE METHODS>

Nearly all instance methods come in two flavors. The KAM_* methods
are essentially the same as the low-level AFS KAS APIs.  The other
methods are simply wrappers around the KAM_* methods.  These have
been introduced in order to offer a more perlish interface :-)

=item S< >
