1Authen::SASL::Perl(3) User Contributed Perl DocumentationAuthen::SASL::Perl(3)
2
6 Authen::SASL::Perl -- Perl implementation of the SASL Authentication
7 framework
8
10 use Authen::SASL qw(Perl);
11 $sasl = Authen::SASL->new(
13 mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
14 callback => {
15 user => $user,
16 pass => \&fetch_password
17 }
18 );
19
21 Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms
22 in the Authen::SASL framework.
23 At the time of this writing it provides the client part implementation
25 for the following SASL mechanisms:
26 ANONYMOUS
28 The Anonymous SASL Mechanism as defined in RFC 2245 resp. in IETF
29 Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a
30 method to anonymously access internet services.
31 Since it does no authentication it does not need to send any
33 confidential information such as passwords in plain text over the
34 network.
35 CRAM-MD5
37 The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp. in IETF
38 Draft draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-
39 response authentication mechanism.
40 Since it is a challenge-response authentication mechanism no
42 passwords are transferred in clear-text over the wire.
43 Due to the simplicity of the protocol CRAM-MD5 is susceptible to
45 replay and dictionary attacks, so DIGEST-MD5 should be used in
46 preferrence.
47 DIGEST-MD5
49 The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp. in IETF
50 Draft draft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest
51 Access Authentication as SASL mechanism.
52 Like CRAM-MD5 it is a challenge-response authentication method that
54 does not send plain text passwords over the network.
55 Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks,
57 and permits the use of third party authentication servers, so that
58 it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when
59 possible.
60 EXTERNAL
62 The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use
63 of external authentication systems as SASL mechanisms.
64 GSSAPI
66 The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft
67 draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security
68 Service Application Program Interface [GSSAPI] KERBEROS V5 as as
69 SASL mechanism.
70 Although GSSAPI is a general mechanism for authentication it is
72 almost exlusively used for Kerberos 5.
73 LOGIN
75 The LOGIN SASL Mechanism as defined in IETF Draft
76 draft-murchison-sasl-login-XX.txt allows the combination of
77 username and clear-text password to be used in a SASL mechanism.
78 It does does not provide a security layer and sends the credentials
80 in clear over the wire. Thus this mechanism should not be used
81 without adequate security protection.
82 PLAIN
84 The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
85 draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
86 username and clear-text password combinations in SASL environments.
87 Like LOGIN it sends the credentials in clear over the network and
89 should not be used without sufficient security protection.
90
92 Authen::SASL, Authen::SASL::Perl::ANONYMOUS,
93 Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5,
94 Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI,
95 Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN
96
98 Peter Marschall <peter@adpm.de>
99 Please report any bugs, or post any suggestions, to the perl-ldap
101 mailing list <perl-ldap@perl.org>
102
104 Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This
105 document is distributed, and may be redistributed, under the same terms
106 as Perl itself.
107perl v5.12.0 2009-09-24 Authen::SASL::Perl(3)