1GSSAPI(3)             User Contributed Perl Documentation            GSSAPI(3)
2
3
4

NAME

6       GSSAPI - Perl extension providing access to the GSSAPIv2 library
7

SYNOPSIS

9         use GSSAPI;
10
11         my $targethostname = 'HTTP@moerbsen.grolmsnet.lan';
12         my $status;
13
14          TRY: {
15              my ($target, $tname, $ttl );
16              $status = GSSAPI::Name->import( $target,
17                                              $server,
18                                              GSSAPI::OID::gss_nt_hostbased_service)
19                      or last;
20              $status = $target->display($tname) or last;
21              print "\n using Name $tname";
22
23              my $ctx = GSSAPI::Context->new();
24              my $imech = GSSAPI::OID::gss_mech_krb5;
25              my $iflags = 0 ;
26              my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
27              my $creds = GSS_C_NO_CREDENTIAL;
28              my $itime = 0;
29              my $itoken = q{};
30              my $otoken;
31
32              $status = $ctx->init($creds,$target,
33                                   $imech,$iflags,$itime,$bindings,$itoken,
34                                   undef, $otoken,undef,undef) or last;
35              $status = $ctx->valid_time_left($ttl) or last;
36              print "\n Security context's time to live $ttl secs";
37          }
38
39          unless ($status->major == GSS_S_COMPLETE  ) {
40             print "\nErrors: ", $status;
41          } else {
42             print "\n seems everything is fine, type klist to see the ticket\n";
43

DESCRIPTION

45       This module gives access to the routines of the GSSAPI library, as
46       described in rfc2743 and rfc2744 and implemented by the Kerberos-1.2
47       distribution from MIT.
48
49       Since 0.14 it also compiles and works with Heimdal.  Lacks of Heimdal
50       support are gss_release_oid(), gss_str_to_oid() and fail of some tests.
51       Have a look at the tests in t/ directory too see what tests fail on
52       Heimdal ( the *.t tests are just skipping them at the moment)
53
54       The API presented by this module is a mildly object oriented reinter‐
55       pretation of the C API, where opaque C structures are Perl objects, but
56       the style of function call has been left mostly untouched.  As a
57       result, most routines modify one or more of the parameters passed to
58       them, reflecting the C call-by-reference (or call-by-value-return)
59       semantics.
60
61       All users of this module are therefore strongly advised to localize all
62       usage of these routines to minimize pain if and when the API changes.
63

USAGE

65       This module wraps the GSSAPI C-Bindings. If you are new to GSSAPI it is
66       a good idea to read RFC2743 and RFC2744, the documentation requires you
67       to be familar with the concept and the wordings of GSSAPI programming.
68
69       the examples directory holds some working examples of usage:
70
71       getcred_hostbased.pl
72           gets a GSSAPI Token for a service specified on commandline.  (like
73           kgetcred on Heimdal or kvno on MIT)
74
75       gss-client.pl
76           a simple GSSAPI TCP client.
77
78       gss-server.pl
79           a simple GSSAPI TCP server.  Use both as templates if you need
80           quickhacking GSSAPI enabeled GSSAPI TCP services.
81
82       GSSAPI::Name
83
84       GSSAPI internal representation of principalname
85
86       Methods
87
88       import( $gssapinameobj, $servicename, $mechnism_oid );
89           converts stringrepresentation $servicename of service into a GSSAPI
90           internal format and stores it in $gssapiservicename.
91
92           input
93               servicename
94                   Scalar value, like 'HTTP@moerbsen.grolmsnet.lan'.
95
96               mechnism_oid
97                   Chose one of the predefines mechanism OIDs from GSSAPI::OID
98
99           output
100               $gssapinameobj
101                   GSSAPI internal representation of servicename
102
103           return value
104               returns GSSAPI::Status Object
105
106           Example:
107                    $status = GSSAPI::Name->import( $gssapinameobj,
108                                                    'HTTP@moerbsen.grolmsnet.lan',
109                                                    GSSAPI::OID::gss_nt_hostbased_service);
110
111       display($tname);
112           converts the GSSAPI internal format into a humanreadable string and
113           stores it into $tname.
114
115           output
116               humanreadable string will be stored into $tname.
117
118           return value
119               returns GSSAPI::Status Object
120
121           Example:
122                    my $tname;
123                    $status = $gssapinameobj->display($tname);
124                    die 'hmm, error...' if($status->major != GSS_S_COMPLETE );
125                    print "\n  Name is $tname";
126
127       compare( nameobj, ret)
128           Wraps gss_compare_name().
129
130           Input
131               nameobj
132                   the 2nd GSSAPI::Name to be compared to
133
134           output
135               ret
136                   value is non-zero
137                       names refer to same entity
138
139                   value is zero
140                       names refer to different entities.
141
142           return value
143               returns GSSAPI::Status Object
144
145       EXPORT
146
147         GSS_C_ACCEPT
148         GSS_C_AF_APPLETALK
149         GSS_C_AF_BSC
150         GSS_C_AF_CCITT
151         GSS_C_AF_CHAOS
152         GSS_C_AF_DATAKIT
153         GSS_C_AF_DECnet
154         GSS_C_AF_DLI
155         GSS_C_AF_DSS
156         GSS_C_AF_ECMA
157         GSS_C_AF_HYLINK
158         GSS_C_AF_IMPLINK
159         GSS_C_AF_INET
160         GSS_C_AF_LAT
161         GSS_C_AF_LOCAL
162         GSS_C_AF_NBS
163         GSS_C_AF_NS
164         GSS_C_AF_NULLADDR
165         GSS_C_AF_OSI
166         GSS_C_AF_PUP
167         GSS_C_AF_SNA
168         GSS_C_AF_UNSPEC
169         GSS_C_AF_X25
170         GSS_C_ANON_FLAG
171         GSS_C_BOTH
172         GSS_C_CALLING_ERROR_MASK
173         GSS_C_CALLING_ERROR_OFFSET
174         GSS_C_CONF_FLAG
175         GSS_C_DELEG_FLAG
176         GSS_C_EMPTY_BUFFER
177         GSS_C_GSS_CODE
178         GSS_C_INDEFINITE
179         GSS_C_INITIATE
180         GSS_C_INTEG_FLAG
181         GSS_C_MECH_CODE
182         GSS_C_MUTUAL_FLAG
183         GSS_C_NO_BUFFER
184         GSS_C_NO_CHANNEL_BINDINGS
185         GSS_C_NO_CONTEXT
186         GSS_C_NO_CREDENTIAL
187         GSS_C_NO_NAME
188         GSS_C_NO_OID
189         GSS_C_NO_OID_SET
190         GSS_C_PROT_READY_FLAG
191         GSS_C_QOP_DEFAULT
192         GSS_C_REPLAY_FLAG
193         GSS_C_ROUTINE_ERROR_MASK
194         GSS_C_ROUTINE_ERROR_OFFSET
195         GSS_C_SEQUENCE_FLAG
196         GSS_C_SUPPLEMENTARY_MASK
197         GSS_C_SUPPLEMENTARY_OFFSET
198         GSS_C_TRANS_FLAG
199         GSS_S_BAD_BINDINGS
200         GSS_S_BAD_MECH
201         GSS_S_BAD_NAME
202         GSS_S_BAD_NAMETYPE
203         GSS_S_BAD_QOP
204         GSS_S_BAD_SIG
205         GSS_S_BAD_STATUS
206         GSS_S_CALL_BAD_STRUCTURE
207         GSS_S_CALL_INACCESSIBLE_READ
208         GSS_S_CALL_INACCESSIBLE_WRITE
209         GSS_S_COMPLETE
210         GSS_S_CONTEXT_EXPIRED
211         GSS_S_CONTINUE_NEEDED
212         GSS_S_CREDENTIALS_EXPIRED
213         GSS_S_CRED_UNAVAIL
214         GSS_S_DEFECTIVE_CREDENTIAL
215         GSS_S_DEFECTIVE_TOKEN
216         GSS_S_DUPLICATE_ELEMENT
217         GSS_S_DUPLICATE_TOKEN
218         GSS_S_FAILURE
219         GSS_S_GAP_TOKEN
220         GSS_S_NAME_NOT_MN
221         GSS_S_NO_CONTEXT
222         GSS_S_NO_CRED
223         GSS_S_OLD_TOKEN
224         GSS_S_UNAUTHORIZED
225         GSS_S_UNAVAILABLE
226         GSS_S_UNSEQ_TOKEN
227
228       Exportable functions
229
230           $status = indicate_mechs($oidset)
231
232       Example
233
234          use GSSAPI qw(:all);
235
236          my $oidset;
237          my $isin = 0;
238
239          my $status = indicate_mechs( $oidset );
240          $status->major == GSS_S_COMPLETE ⎪⎪ die 'error';
241
242          $status = $oidset->contains( gss_mech_krb5_old, $isin );
243          $status->major == GSS_S_COMPLETE ⎪⎪ die 'error';
244
245          if ( $isin ) {
246            print 'Support of Kerberos 5 old mechtype';
247          } else {
248            print 'No Support of Kerberos 5 old mechtype';
249          }
250
251       Constant OIDs provided:
252
253           # Constant OIDs provided:
254           $oid = gss_nt_user_name;
255           $oid = gss_nt_machine_uid_name;
256           $oid = gss_nt_string_uid_name;
257           $oid = gss_nt_service_name;
258           $oid = gss_nt_exported_name;
259           $oid = gss_nt_service_name_v2;
260           $oid = gss_nt_krb5_name;
261           $oid = gss_nt_krb5_principal;
262           $oid = gss_mech_krb5;
263           $oid = gss_mech_krb5_old;
264           $oid = gss_mech_spnego;
265
266       All other functions are class or instance methods.
267

SEE ALSO

269       GSSAPI::Status(3p) GSSAPI::OID(3p) GSSAPI::OID::Set(3p)
270
271       RFC2743
272           Generic Security Service API Version 2 : C-bindings
273
274       RFC2744
275           Generic Security Service Application Program Interface
276
277       LWP::Authen::Negotiate
278           GSSAPI based Authentication plugin for LWP
279
280       Authen::SASL::Perl::GSSAPI
281           A SASL adapter, implementing the Authen::SASL interface, using GSS‐
282           API.pm
283
284       http://perlgssapi.sourceforge.net/
285           Holds an actual list of GSSAPI.pm authentication using modules
286
287       perl(1)
288

BUGS

290       More documentation how to use the module has to be added.
291

SUPPORT

293       See our project home at <http://perlgssapi.sourceforge.net/>
294
295       Mailinglist perlgssapi-users@lists.sourceforge.net
296

AUTHOR

298       The module ist maintained by Achim Grolms <perl@grolmsnet.de>
299
300       originally written by Philip Guenther <pguen@cpan.org>
301

THANKS TO

303       Philip Guenther
304       Leif Johansson
305       Merijn Broeren
306       Harald Joerg
307       Christopher Odenbach
308       Dax Kelson
309       Marc Lehmann
310       David Leonard
311       Florian Ragwitz
312           maintainer of Debian package
313
315       Copyright (c) 2006 Achim Grolms All rights reserved.  This program is
316       free software; you can redistribute it and/or modify it under the same
317       terms as Perl itself.
318
319       Copyright (c) 2000,2001,2005 Philip Guenther. All rights reserved.
320       This program is free software; you can redistribute it and/or modify it
321       under the same terms as Perl itself.
322
323
324
325perl v5.8.8                       2007-02-16                         GSSAPI(3)
Impressum