1Authen::SASL::Perl(3) User Contributed Perl DocumentationAuthen::SASL::Perl(3)
2
3
4

NAME

6       Authen::SASL::Perl -- Perl implementation of the SASL Authentication
7       framework
8

SYNOPSIS

10        use Authen::SASL qw(Perl);
11
12        $sasl = Authen::SASL->new(
13          mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
14          callback => {
15            user => $user,
16            pass => \&fetch_password
17          }
18        );
19

DESCRIPTION

21       Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms
22       in the Authen::SASL framework.
23
24       At the time of this writing it provides the client part implementation
25       for the following SASL mechanisms:
26
27       ANONYMOUS
28           The Anonymous SASL Mechanism as defined in RFC 2245 resp.  in IETF
29           Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a
30           method to anonymously access internet services.
31
32           Since it does no authentication it does not need to send any
33           confidential information such as passwords in plain text over the
34           network.
35
36       CRAM-MD5
37           The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp.  in IETF
38           Draft draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-
39           response authentication mechanism.
40
41           Since it is a challenge-response authentication mechanism no
42           passwords are transferred in clear-text over the wire.
43
44           Due to the simplicity of the protocol CRAM-MD5 is susceptible to
45           replay and dictionary attacks, so DIGEST-MD5 should be used in
46           preferrence.
47
48       DIGEST-MD5
49           The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp.  in IETF
50           Draft draft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest
51           Access Authentication as SASL mechanism.
52
53           Like CRAM-MD5 it is a challenge-response authentication method that
54           does not send plain text passwords over the network.
55
56           Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks,
57           and permits the use of third party authentication servers, so that
58           it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when
59           possible.
60
61       EXTERNAL
62           The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use
63           of external authentication systems as SASL mechanisms.
64
65       GSSAPI
66           The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft
67           draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security
68           Service Application Program Interface [GSSAPI] KERBEROS V5 as as
69           SASL mechanism.
70
71           Although GSSAPI is a general mechanism for authentication it is
72           almost exlusively used for Kerberos 5.
73
74       LOGIN
75           The LOGIN SASL Mechanism as defined in IETF Draft
76           draft-murchison-sasl-login-XX.txt allows  the combination of
77           username and clear-text password to be used in a SASL mechanism.
78
79           It does does not provide a security layer and sends the credentials
80           in clear over the wire.  Thus this mechanism should not be used
81           without adequate security protection.
82
83       PLAIN
84           The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
85           draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
86           username and clear-text password combinations in SASL environments.
87
88           Like LOGIN it sends the credentials in clear over the network and
89           should not be used without sufficient security protection.
90
91       As for server support, only PLAIN, LOGIN and DIGEST-MD5 are supported
92       at the time of this writing.
93
94       "server_new" OPTIONS is a hashref that is only relevant for DIGEST-MD5
95       for now and it supports the following options:
96
97       - no_integrity
98       - no_confidentiality
99
100       which configures how the security layers are negotiated with the client
101       (or rather imposed to the client).
102

SEE ALSO

104       Authen::SASL, Authen::SASL::Perl::ANONYMOUS,
105       Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5,
106       Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI,
107       Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN
108

AUTHOR

110       Peter Marschall <peter@adpm.de>
111
112       Please report any bugs, or post any suggestions, to the perl-ldap
113       mailing list <perl-ldap@perl.org>
114
116       Copyright (c) 2004-2006 Peter Marschall.  All rights reserved. This
117       document is distributed, and may be redistributed, under the same terms
118       as Perl itself.
119
120
121
122perl v5.30.1                      2020-01-29             Authen::SASL::Perl(3)
Impressum