1LWP::Authen::Negotiate(U3s)er Contributed Perl DocumentatLiWoPn::Authen::Negotiate(3)
2
3
4
6 LWP::Authen::Negotiate - GSSAPI based Authentication Plugin for LWP
7
9 #! /usr/bin/perl -w
10
11 use strict;
12 require LWP::UserAgent;
13
14 # uncomment if you want see what is going wrong messages
15 #
16 #use LWP::Debug qw(+);
17
18 my $ua = LWP::UserAgent->new;
19 my $response = $ua->get('http://testwurst.grolmsnet.lan:8090/geheim/');
20 if ($response->is_success) {
21 print $response->content; # or whatever
22 }
23 else {
24 die $response->status_line;
25 }
26
27 just install LWP::Authen::Negotiate, LWP uses it as authentication
28 plugin. Use your LWP::UserAgent Scripts as usual. Authentication is
29 done transparent based on your GSSAPI installation (MIT Kerberos or
30 Heimdal)
31
32 WWW-Negotiate Webservers are IIS or Apache with mod_auth_kerb for
33 example.
34
36 To see what ist going on add
37
38 use LWP::Debug qw(+);
39
40 to yor LWP using Scripts.
41
42 (e.g. too see what is going wrong with GSSAPI...)
43
45 To see what ist going on (and going wrong) add
46
47 use LWP::Debug qw(+);
48
49 to yor LWP using Scripts.
50
51 (e.g. too see what is going wrong with GSSAPI...)
52
53 the output will look like this:
54
55 LWP::UserAgent::new: ()
56 LWP::UserAgent::request: ()
57 LWP::UserAgent::send_request: GET http://testwurst.grolmsnet.lan:8090/geheim/
58 LWP::UserAgent::_need_proxy: Not proxied
59 LWP::Protocol::http::request: ()
60 LWP::Protocol::collect: read 478 bytes
61 LWP::UserAgent::request: Simple response: Unauthorized
62 LWP::Authen::Negotiate::authenticate: authenticate() called
63 LWP::Authen::Negotiate::authenticate: target hostname testwurst.grolmsnet.lan
64 LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP/moerbsen.grolmsnet.lan@GROLMSNET.LAN
65 LWP::Authen::Negotiate::authenticate: Miscellaneous failure (see text)
66 LWP::Authen::Negotiate::authenticate: open(/tmp/krb5cc_1000): file not found
67
68 In this case the credentials cache was empty. Run kinit first ;-)
69
71 LWP_AUTHEN_NEGOTIATE_DELEGATE
72 Define to enable ticket forwarding to webserver.
73
74 LWP_AUTHEN_NEGOTIATE_MUTUAL
75 Define to enable a mutual authentication with the webserver.
76
78 http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt
79 Description of WWW-Negotiate protol
80
81 http://modauthkerb.sourceforge.net/
82 the Kerberos and SPNEGO Authentication module for Apache
83 mod_auth_kerb
84
85 http://perlgssapi.sourceforge.net/
86 Module Homepage
87
88 http://www.kerberosprotocols.org/index.php/Web
89 Sofware and APIs related to WWW-Negotiate
90
91 http://www.grolmsnet.de/kerbtut/
92 describes how to let mod_auth_kerb play together with Internet
93 Explorer and Windows2003 Server
94
96 As default Kerberos 5 is selected as GSSAPI mechanism. a later veriosn
97 will make that configureable.
98
100 Achim Grolms, <achim@grolmsnet.de>
101
102 http://perlgssapi.sourceforge.net/
103
104 Thanks to
105
106 Leif Johansson
107 who has conributed a lot of code from his implementation of the
108 module and send a lot of input, ideas and feedback
109
110 Harald Joerg
111 helped with Kerberos knowledge and does testing on cygwin against
112 IIS and mod_auth_kerb
113
114 Christopher Odenbach
115 does a lot of testing on Linux and Solaris
116
117 Dax Kelson
118 does a lot of testing on Linux
119
120 Karsten Kuenne
121 helped with advice
122
124 Copyright (C) 2006 by Achim Grolms <perl@grolmsnet.de>
125
126 This library is free software; you can redistribute it and/or modify it
127 under the same terms as Perl itself, either Perl version 5.8.4 or, at
128 your option, any later version of Perl 5 you may have available.
129
130
131
132perl v5.32.1 2021-01-27 LWP::Authen::Negotiate(3)