GSSAPI(3)          User Contributed Perl Documentation          GSSAPI(3)

GSSAPI - Perl extension providing access to the GSSAPIv2 library

    use GSSAPI;

    my $targethostname = 'HTTP@moerbsen.grolmsnet.lan';
    my $status;

    TRY: {
        my ($target, $tname, $ttl );

        # Convert the service name into GSSAPI's internal name format.
        $status = GSSAPI::Name->import( $target,
                                        $targethostname,
                                        GSSAPI::OID::gss_nt_hostbased_service)
                  or last;
        $status = $target->display($tname) or last;
        print "\n using Name $tname";

        my $ctx = GSSAPI::Context->new();
        my $imech = GSSAPI::OID::gss_mech_krb5;
        my $iflags = 0 ;    # no optional context flags requested
        my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
        my $creds = GSS_C_NO_CREDENTIAL;
        my $itime = 0;
        my $itoken = q{};
        my $otoken;

        # Initiate the security context; the output token is stored in $otoken.
        $status = $ctx->init($creds,$target,
                             $imech,$iflags,$itime,$bindings,$itoken,
                             undef, $otoken,undef,undef) or last;
        $status = $ctx->valid_time_left($ttl) or last;
        print "\n Security context's time to live $ttl secs";
    }

    unless ($status->major == GSS_S_COMPLETE ) {
        print "\nErrors: ", $status;
    } else {
        print "\n seems everything is fine, type klist to see the ticket\n";
    }

This module gives access to the routines of the GSSAPI library, as
described in RFC2743 and RFC2744 and implemented by the Kerberos-1.2
distribution from MIT.

Since 0.14 it also compiles and works with Heimdal. Heimdal does not
support gss_release_oid() and gss_str_to_oid(), and some tests fail on
it. Have a look at the tests in the t/ directory to see which tests fail
on Heimdal (the *.t tests are just skipping them at the moment).

The API presented by this module is a mildly object oriented
reinterpretation of the C API, where opaque C structures are Perl
objects, but the style of function call has been left mostly untouched.
As a result, most routines modify one or more of the parameters passed
to them, reflecting the C call-by-reference (or call-by-value-return)
semantics.

All users of this module are therefore strongly advised to localize all
usage of these routines to minimize pain if and when the API changes.

This module wraps the GSSAPI C-Bindings. If you are new to GSSAPI it is
a good idea to read RFC2743 and RFC2744; the documentation requires you
to be familiar with the concepts and the terminology of GSSAPI
programming.

The examples directory holds some working examples of usage:

getcred_hostbased.pl
    gets a GSSAPI token for a service specified on the command line
    (like kgetcred on Heimdal or kvno on MIT).

gss-client.pl
    a simple GSSAPI TCP client.

gss-server.pl
    a simple GSSAPI TCP server. Use both as templates if you need to
    quickly hack together GSSAPI-enabled TCP services.

GSSAPI::Name
    GSSAPI internal representation of a principal name.

  Methods

    import( $gssapinameobj, $servicename, $mechanism_oid );
        converts the string representation $servicename of a service into
        the GSSAPI internal format and stores it in $gssapinameobj.

        input
            servicename
                Scalar value, like 'HTTP@moerbsen.grolmsnet.lan'.

            mechanism_oid
                Choose one of the predefined mechanism OIDs from
                GSSAPI::OID.

        output
            $gssapinameobj
                GSSAPI internal representation of servicename.

        return value
            returns a GSSAPI::Status object.

        Example:
            $status = GSSAPI::Name->import( $gssapinameobj,
                                            'HTTP@moerbsen.grolmsnet.lan',
                                            GSSAPI::OID::gss_nt_hostbased_service);

    display($tname);
        converts the GSSAPI internal format into a human-readable string
        and stores it in $tname.

        output
            the human-readable string will be stored in $tname.

        return value
            returns a GSSAPI::Status object.

        Example:
            my $tname;
            $status = $gssapinameobj->display($tname);
            die 'hmm, error...' if($status->major != GSS_S_COMPLETE );
            print "\n Name is $tname";

    compare( nameobj, ret)
        Wraps gss_compare_name().

        input
            nameobj
                the second GSSAPI::Name, to be compared to.

        output
            ret
                value is non-zero
                    names refer to the same entity.

                value is zero
                    names refer to different entities.

        return value
            returns a GSSAPI::Status object.

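The following is an added example, not part of the module's own
documentation or examples directory. It uses import() and compare() as
documented above to check a service name against an allowlist, treating
any failed GSSAPI call as "no match". The allowlist entries and the
helper names import_service_name() and name_is_allowed() are constructed
for illustration.

```perl
use strict;
use warnings;
use GSSAPI;

# Constructed sample data: service names this application accepts.
my @allowed = ( 'HTTP@moerbsen.grolmsnet.lan', 'imap@moerbsen.grolmsnet.lan' );

# Hypothetical helper: import a host-based service name.
# Returns the GSSAPI::Name object, or undef if the import failed.
sub import_service_name {
    my ($string) = @_;
    my $name;
    my $status = GSSAPI::Name->import( $name, $string,
                                       GSSAPI::OID::gss_nt_hostbased_service );
    return $status->major == GSS_S_COMPLETE ? $name : undef;
}

# Hypothetical helper: true only if $candidate compares equal to one of
# the allowed names. Every GSSAPI::Status is checked, so an error in
# import() or compare() can never be mistaken for a match.
sub name_is_allowed {
    my ( $candidate, @allowed_strings ) = @_;

    my $cand = import_service_name($candidate);
    return 0 unless defined $cand;

    for my $string (@allowed_strings) {
        my $ref = import_service_name($string);
        next unless defined $ref;

        my $same   = 0;                           # filled in by compare()
        my $status = $cand->compare( $ref, $same );
        next unless $status->major == GSS_S_COMPLETE;
        return 1 if $same;
    }
    return 0;                                     # default: reject
}

for my $candidate ( 'HTTP@moerbsen.grolmsnet.lan', 'ldap@moerbsen.grolmsnet.lan' ) {
    printf "%-32s %s\n", $candidate,
        name_is_allowed( $candidate, @allowed ) ? 'allowed' : 'rejected';
}
```
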
  EXPORT
    GSS_C_ACCEPT
    GSS_C_AF_APPLETALK
    GSS_C_AF_BSC
    GSS_C_AF_CCITT
    GSS_C_AF_CHAOS
    GSS_C_AF_DATAKIT
    GSS_C_AF_DECnet
    GSS_C_AF_DLI
    GSS_C_AF_DSS
    GSS_C_AF_ECMA
    GSS_C_AF_HYLINK
    GSS_C_AF_IMPLINK
    GSS_C_AF_INET
    GSS_C_AF_LAT
    GSS_C_AF_LOCAL
    GSS_C_AF_NBS
    GSS_C_AF_NS
    GSS_C_AF_NULLADDR
    GSS_C_AF_OSI
    GSS_C_AF_PUP
    GSS_C_AF_SNA
    GSS_C_AF_UNSPEC
    GSS_C_AF_X25
    GSS_C_ANON_FLAG
    GSS_C_BOTH
    GSS_C_CALLING_ERROR_MASK
    GSS_C_CALLING_ERROR_OFFSET
    GSS_C_CONF_FLAG
    GSS_C_DELEG_FLAG
    GSS_C_EMPTY_BUFFER
    GSS_C_GSS_CODE
    GSS_C_INDEFINITE
    GSS_C_INITIATE
    GSS_C_INTEG_FLAG
    GSS_C_MECH_CODE
    GSS_C_MUTUAL_FLAG
    GSS_C_NO_BUFFER
    GSS_C_NO_CHANNEL_BINDINGS
    GSS_C_NO_CONTEXT
    GSS_C_NO_CREDENTIAL
    GSS_C_NO_NAME
    GSS_C_NO_OID
    GSS_C_NO_OID_SET
    GSS_C_PROT_READY_FLAG
    GSS_C_QOP_DEFAULT
    GSS_C_REPLAY_FLAG
    GSS_C_ROUTINE_ERROR_MASK
    GSS_C_ROUTINE_ERROR_OFFSET
    GSS_C_SEQUENCE_FLAG
    GSS_C_SUPPLEMENTARY_MASK
    GSS_C_SUPPLEMENTARY_OFFSET
    GSS_C_TRANS_FLAG
    GSS_S_BAD_BINDINGS
    GSS_S_BAD_MECH
    GSS_S_BAD_NAME
    GSS_S_BAD_NAMETYPE
    GSS_S_BAD_QOP
    GSS_S_BAD_SIG
    GSS_S_BAD_STATUS
    GSS_S_CALL_BAD_STRUCTURE
    GSS_S_CALL_INACCESSIBLE_READ
    GSS_S_CALL_INACCESSIBLE_WRITE
    GSS_S_COMPLETE
    GSS_S_CONTEXT_EXPIRED
    GSS_S_CONTINUE_NEEDED
    GSS_S_CREDENTIALS_EXPIRED
    GSS_S_CRED_UNAVAIL
    GSS_S_DEFECTIVE_CREDENTIAL
    GSS_S_DEFECTIVE_TOKEN
    GSS_S_DUPLICATE_ELEMENT
    GSS_S_DUPLICATE_TOKEN
    GSS_S_FAILURE
    GSS_S_GAP_TOKEN
    GSS_S_NAME_NOT_MN
    GSS_S_NO_CONTEXT
    GSS_S_NO_CRED
    GSS_S_OLD_TOKEN
    GSS_S_UNAUTHORIZED
    GSS_S_UNAVAILABLE
    GSS_S_UNSEQ_TOKEN

  Exportable functions
    $status = indicate_mechs($oidset)

    Example

        use GSSAPI qw(:all);

        my $oidset;
        my $isin = 0;

        my $status = indicate_mechs( $oidset );
        $status->major == GSS_S_COMPLETE || die 'error';

        $status = $oidset->contains( gss_mech_krb5_old, $isin );
        $status->major == GSS_S_COMPLETE || die 'error';

        if ( $isin ) {
            print 'Support of Kerberos 5 old mechtype';
        } else {
            print 'No Support of Kerberos 5 old mechtype';
        }

    Constant OIDs provided:

        $oid = gss_nt_user_name;
        $oid = gss_nt_machine_uid_name;
        $oid = gss_nt_string_uid_name;
        $oid = gss_nt_service_name;
        $oid = gss_nt_exported_name;
        $oid = gss_nt_service_name_v2;
        $oid = gss_nt_krb5_name;
        $oid = gss_nt_krb5_principal;
        $oid = gss_mech_krb5;
        $oid = gss_mech_krb5_old;
        $oid = gss_mech_spnego;

    All other functions are class or instance methods.

GSSAPI::Status(3p) GSSAPI::OID(3p) GSSAPI::OID::Set(3p)

RFC2743
    Generic Security Service API Version 2 : C-bindings

RFC2744
    Generic Security Service Application Program Interface

LWP::Authen::Negotiate
    GSSAPI based Authentication plugin for LWP

Authen::SASL::Perl::GSSAPI
    A SASL adapter, implementing the Authen::SASL interface, using
    GSSAPI.pm

http://perlgssapi.sourceforge.net/
    Holds a current list of modules that use GSSAPI.pm for
    authentication

perl(1)

More documentation on how to use the module has to be added.

See our project home at <http://perlgssapi.sourceforge.net/>

Mailing list: perlgssapi-users@lists.sourceforge.net

The module is maintained by Achim Grolms <perl@grolmsnet.de>

Originally written by Philip Guenther <pguen@cpan.org>

Philip Guenther
Leif Johansson
Merijn Broeren
Harald Joerg
Christopher Odenbach
Dax Kelson
Marc Lehmann
David Leonard
Florian Ragwitz
    maintainer of Debian package

Markus Moeller
    Solaris 10 / OpenSolaris support

Copyright (c) 2006,2008 Achim Grolms. All rights reserved. This
program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

Copyright (c) 2000,2001,2005 Philip Guenther. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

perl v5.12.0                      2008-02-15                      GSSAPI(3)