1Authen::SASL::Perl(3) User Contributed Perl DocumentationAuthen::SASL::Perl(3)
2
3
4
6 Authen::SASL::Perl -- Perl implementation of the SASL Authentication
7 framework
8
10 version 2.1700
11
13 use Authen::SASL qw(Perl);
14
15 $sasl = Authen::SASL->new(
16 mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
17 callback => {
18 user => $user,
19 pass => \&fetch_password
20 }
21 );
22
24 Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms
25 in the Authen::SASL framework.
26
27 At the time of this writing it provides the client part implementation
28 for the following SASL mechanisms:
29
30 ANONYMOUS
31 The Anonymous SASL Mechanism as defined in RFC 2245 resp. in IETF
32 Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a
33 method to anonymously access internet services.
34
35 Since it does no authentication it does not need to send any
36 confidential information such as passwords in plain text over the
37 network.
38
39 CRAM-MD5
40 The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp. in IETF
41 Draft draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-
42 response authentication mechanism.
43
44 Since it is a challenge-response authentication mechanism no
45 passwords are transferred in clear-text over the wire.
46
47 Due to the simplicity of the protocol CRAM-MD5 is susceptible to
48 replay and dictionary attacks, so DIGEST-MD5 should be used in
49 preference.
50
51 DIGEST-MD5
52 The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp. in IETF
53 Draft draft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest
54 Access Authentication as SASL mechanism.
55
56 Like CRAM-MD5 it is a challenge-response authentication method that
57 does not send plain text passwords over the network.
58
59 Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks,
60 and permits the use of third party authentication servers, so that
61 it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when
62 possible.
63
64 EXTERNAL
65 The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use
66 of external authentication systems as SASL mechanisms.
67
68 GSSAPI
69 The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft
70 draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security
71 Service Application Program Interface [GSSAPI] KERBEROS V5 as a
72 SASL mechanism.
73
74 Although GSSAPI is a general mechanism for authentication it is
75 almost exclusively used for Kerberos 5.
76
77 LOGIN
78 The LOGIN SASL Mechanism as defined in IETF Draft
79 draft-murchison-sasl-login-XX.txt allows the combination of
80 username and clear-text password to be used in a SASL mechanism.
81
82 It does not provide a security layer and sends the credentials in
83 clear over the wire. Thus this mechanism should not be used
84 without adequate security protection.
85
86 PLAIN
87 The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
88 draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
89 username and clear-text password combinations in SASL environments.
90
91 Like LOGIN it sends the credentials in clear over the network and
92 should not be used without sufficient security protection.
93
94 As for server support, only PLAIN, LOGIN and DIGEST-MD5 are supported
95 at the time of this writing.
96
97 "server_new" OPTIONS is a hashref that is only relevant for DIGEST-MD5
98 for now and it supports the following options:
99
100 - no_integrity
101 - no_confidentiality
102
103 which configures how the security layers are negotiated with the client
104 (or rather imposed to the client).
105
107 Authen::SASL, Authen::SASL::Perl::ANONYMOUS,
108 Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5,
109 Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI,
110 Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN
111
113 Peter Marschall <peter@adpm.de>
114
115 Please report any bugs, or post any suggestions, to the perl-ldap
116 mailing list <perl-ldap@perl.org>
117
119 Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This
120 document is distributed, and may be redistributed, under the same terms
121 as Perl itself.
122
123
124
125perl v5.38.0 2023-08-21 Authen::SASL::Perl(3)