Authen::SASL::Perl::GSSAPI(3)  User Contributed Perl Documentation  Authen::SASL::Perl::GSSAPI(3)

NAME
       Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberosv5) Authentication class

VERSION
       version 2.1700

SYNOPSIS
         use Authen::SASL qw(Perl);

         $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );

         $sasl = Authen::SASL->new( mechanism => 'GSSAPI',
                                    callback => { pass => $mycred });

         $sasl->client_start( $service, $host );

DESCRIPTION
       This method implements the client part of the GSSAPI SASL algorithm, as
       described in RFC 2222 section 7.2.1 and, respectively,
       draft-ietf-sasl-gssapi-XX.txt.

       With a valid Kerberos 5 credentials cache (aka TGT) it allows
       connecting to service@host, given as the first two parameters to
       Authen::SASL's client_start() method. Alternatively, a GSSAPI::Cred
       object can be passed in via the Authen::SASL callback hash using the
       `pass' key.

       Please note that this module does not currently implement a SASL
       security layer following authentication. Unless the connection is
       protected by other means, such as TLS, it will be vulnerable to
       man-in-the-middle attacks. If security layers are required, then the
       Authen::SASL::XS GSSAPI module should be used instead.

   CALLBACK
       The callbacks used are:

       authname
           The authorization identity to be used in SASL exchange

       gssmech
           The GSS mechanism to be used in the connection

       pass
           The GSS credentials to be used in the connection (optional)

EXAMPLE
        #! /usr/bin/perl -w

        use strict;
        use warnings;

        use Net::LDAP 0.33;
        use Authen::SASL 2.10;

        # -------- Adjust to your environment --------
        my $adhost      = 'theserver.bla.net';
        my $ldap_base   = 'dc=bla,dc=net';
        my $ldap_filter = '(&(sAMAccountName=BLAAGROL))';

        my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
        my $ldap;

        eval {
            $ldap = Net::LDAP->new($adhost,
                                   onerror => 'die')
              or die "Cannot connect to LDAP host '$adhost': '$@'";
            $ldap->bind(sasl => $sasl);
        };

        if ($@) {
            chomp $@;
            die "\nBind error         : $@",
                "\nDetailed SASL error: ", $sasl->error,
                "\nTerminated";
        }

        print "\nLDAP bind() succeeded, working in authenticated state";

        my $mesg = $ldap->search(base   => $ldap_base,
                                 filter => $ldap_filter);

        # -------- evaluate $mesg

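The DESCRIPTION above notes that this module negotiates no SASL security layer, so the GSSAPI bind needs TLS underneath it. The following is an added example, not part of the original documentation: the same bind performed only after a verified STARTTLS upgrade. The CA bundle path is an assumed value, and the host name is the placeholder used in the example above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use Net::LDAP 0.33;
use Authen::SASL 2.10;

# -------- Adjust to your environment (assumed values) --------
my $adhost = 'theserver.bla.net';
my $cafile = '/etc/ssl/certs/ca-certificates.crt';   # CA that signed the server cert

# Connect, upgrade to TLS with certificate verification, then bind via GSSAPI.
# Dies (fails closed) if any step does not succeed.
sub bind_over_tls {
    my ($host, $ca) = @_;

    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');

    my $ldap = Net::LDAP->new($host, onerror => 'die')
        or die "Cannot connect to LDAP host '$host': $@";

    eval {
        # Upgrade the plain connection before any credentials are exchanged.
        # verify => 'require' rejects a server whose certificate does not
        # validate against $ca.
        $ldap->start_tls(verify => 'require', cafile => $ca);

        # cipher() returns undef when the connection is not using TLS/SSL;
        # refuse to authenticate in that case.
        defined $ldap->cipher
            or die "TLS is not active, refusing to bind\n";

        # The Kerberos exchange now runs inside the TLS channel.
        $ldap->bind(sasl => $sasl);
        1;
    } or do {
        my $err = $@ || 'unknown error';
        chomp $err;
        my $detail = $sasl->error // '';
        die "Bind over TLS failed: $err\nDetailed SASL error: $detail\n";
    };

    return $ldap;
}

my $ldap = bind_over_tls($adhost, $cafile);
print "GSSAPI bind succeeded over TLS, cipher: ", $ldap->cipher, "\n";
```
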
   PROPERTIES
       The properties used are:

       maxbuf
           The maximum buffer size for receiving cipher text

       minssf
           The minimum SSF value that should be provided by the SASL security
           layer. The default is 0

       maxssf
           The maximum SSF value that should be provided by the SASL security
           layer. The default is 2**31

       externalssf
           The SSF value provided by an underlying external security layer.
           The default is 0

       ssf The actual SSF value provided by the SASL security layer after the
           SASL authentication phase has been completed. This value is
           read-only and set by the implementation after the SASL
           authentication phase has been completed.

       maxout
           The maximum plaintext buffer size for sending data to the peer.
           This value is set by the implementation after the SASL
           authentication phase has been completed and a SASL security layer
           is in effect.

SEE ALSO
       Authen::SASL, Authen::SASL::Perl

AUTHORS
       Written by Simon Wilkinson, with patches and extensions by Achim Grolms
       and Peter Marschall.

       Please report any bugs, or post any suggestions, to the perl-ldap
       mailing list <perl-ldap@perl.org>

COPYRIGHT
       Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall.
       All rights reserved. This program is free software; you can
       redistribute it and/or modify it under the same terms as Perl itself.

perl v5.38.0                      2023-08-21      Authen::SASL::Perl::GSSAPI(3)