Authen::SASL::Perl::GSSAPI(3)  User Contributed Perl Documentation  Authen::SASL::Perl::GSSAPI(3)

NAME

       Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberos v5) Authentication class

VERSION

       version 2.1700

SYNOPSIS

         use Authen::SASL qw(Perl);

         $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );

         $sasl = Authen::SASL->new( mechanism => 'GSSAPI',
                                    callback => { pass => $mycred });

         $sasl->client_start( $service, $host );

DESCRIPTION

       This module implements the client part of the GSSAPI SASL algorithm, as
       described in RFC 2222 section 7.2.1 and
       draft-ietf-sasl-gssapi-XX.txt.

       With a valid Kerberos 5 credentials cache (aka TGT), it allows
       connecting to service@host, given as the first two parameters to
       Authen::SASL's client_start() method.  Alternatively, a GSSAPI::Cred
       object can be passed in via the Authen::SASL callback hash using the
       `pass' key.

       Please note that this module does not currently implement a SASL
       security layer following authentication. Unless the connection is
       protected by other means, such as TLS, it will be vulnerable to
       man-in-the-middle attacks. If security layers are required, then the
       Authen::SASL::XS GSSAPI module should be used instead.

   CALLBACK
       The callbacks used are:

       authname
           The authorization identity to be used in the SASL exchange

       gssmech
           The GSS mechanism to be used in the connection

       pass
           The GSS credentials to be used in the connection (optional)

EXAMPLE

        #! /usr/bin/perl -w

        use strict;
        use warnings;

        use Net::LDAP 0.33;
        use Authen::SASL 2.10;

        # -------- Adjust to your environment --------
        my $adhost      = 'theserver.bla.net';
        my $ldap_base   = 'dc=bla,dc=net';
        my $ldap_filter = '(&(sAMAccountName=BLAAGROL))';

        my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
        my $ldap;

        eval {
            $ldap = Net::LDAP->new($adhost,
                                   onerror => 'die')
              or  die "Cannot connect to LDAP host '$adhost': '$@'";
            $ldap->bind(sasl => $sasl);
        };

        if ($@) {
            chomp $@;
            die   "\nBind error         : $@",
                  "\nDetailed SASL error: ", $sasl->error,
                  "\nTerminated";
        }

        print "\nLDAP bind() succeeded, working in authenticated state";

        my $mesg = $ldap->search(base   => $ldap_base,
                                 filter => $ldap_filter);

        # -------- evaluate $mesg

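       Because this module negotiates no SASL security layer, the bind above
       is only protected if the transport is. The following variant is an
       added illustration, not part of the module's own documentation: it
       upgrades the connection with Net::LDAP's start_tls() and refuses to
       bind unless TLS is active. The host name is reused from the example
       above; the CA bundle path is an assumption to adjust locally.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use Net::LDAP 0.33;
use Authen::SASL 2.10;

# Host reused from the EXAMPLE above; the CA bundle path is an assumption.
my $adhost = 'theserver.bla.net';
my $cafile = '/etc/ssl/certs/ca-certificates.crt';

my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');

my $ldap = Net::LDAP->new($adhost, onerror => 'die')
    or die "Cannot connect to LDAP host '$adhost': $@\n";

eval {
    # Upgrade to TLS and verify the server certificate *before* the
    # SASL exchange: with no SASL security layer, TLS is the only
    # integrity and confidentiality protection on this connection.
    $ldap->start_tls(verify => 'require', cafile => $cafile);

    # cipher() returns undef when the connection is not encrypted.
    defined $ldap->cipher
        or die "TLS not active, refusing to bind\n";

    $ldap->bind(sasl => $sasl);
    1;
} or do {
    my $err = $@ || 'unknown error';
    chomp $err;
    # Scalar context on error() so that an unset error prints as 'none'.
    die "Secure bind failed: $err\n",
        "Detailed SASL error: ", ($sasl->error // 'none'), "\n";
};

print "GSSAPI bind completed over TLS (", $ldap->cipher, ")\n";
$ldap->unbind;
```
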
   PROPERTIES
       The properties used are:

       maxbuf
           The maximum buffer size for receiving cipher text

       minssf
           The minimum SSF value that should be provided by the SASL security
           layer.  The default is 0

       maxssf
           The maximum SSF value that should be provided by the SASL security
           layer.  The default is 2**31

       externalssf
           The SSF value provided by an underlying external security layer.
           The default is 0

       ssf The actual SSF value provided by the SASL security layer after the
           SASL authentication phase has been completed. This value is
           read-only and set by the implementation after the SASL
           authentication phase has been completed.

       maxout
           The maximum plaintext buffer size for sending data to the peer.
           This value is set by the implementation after the SASL
           authentication phase has been completed and a SASL security layer
           is in effect.

SEE ALSO

       Authen::SASL, Authen::SASL::Perl

AUTHORS

       Written by Simon Wilkinson, with patches and extensions by Achim Grolms
       and Peter Marschall.

       Please report any bugs, or post any suggestions, to the perl-ldap
       mailing list <perl-ldap@perl.org>

COPYRIGHT

       Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall.
       All rights reserved. This program is free software; you can
       redistribute it and/or modify it under the same terms as Perl itself.

perl v5.38.0                      2023-08-21     Authen::SASL::Perl::GSSAPI(3)