1GSSAPI(3) User Contributed Perl Documentation GSSAPI(3)
2
6 GSSAPI - Perl extension providing access to the GSSAPIv2 library
7
9 use GSSAPI;
10 my $targethostname = 'HTTP@moerbsen.grolmsnet.lan';
12 my $status;
13 TRY: {
15 my ($target, $tname, $ttl );
16 $status = GSSAPI::Name->import( $target,
17 $server,
18 GSSAPI::OID::gss_nt_hostbased_service)
19 or last;
20 $status = $target->display($tname) or last;
21 print "\n using Name $tname";
22 my $ctx = GSSAPI::Context->new();
24 my $imech = GSSAPI::OID::gss_mech_krb5;
25 my $iflags = 0 ;
26 my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
27 my $creds = GSS_C_NO_CREDENTIAL;
28 my $itime = 0;
29 my $itoken = q{};
30 my $otoken;
31 $status = $ctx->init($creds,$target,
33 $imech,$iflags,$itime,$bindings,$itoken,
34 undef, $otoken,undef,undef) or last;
35 $status = $ctx->valid_time_left($ttl) or last;
36 print "\n Security context's time to live $ttl secs";
37 }
38 unless ($status->major == GSS_S_COMPLETE ) {
40 print "\nErrors: ", $status;
41 } else {
42 print "\n seems everything is fine, type klist to see the ticket\n";
43
45 This module gives access to the routines of the GSSAPI library, as
46 described in rfc2743 and rfc2744 and implemented by the Kerberos-1.2
47 distribution from MIT.
48 Since 0.14 it also compiles and works with Heimdal. Lacks of Heimdal
50 support are gss_release_oid(), gss_str_to_oid() and fail of some tests.
51 Have a look at the tests in t/ directory too see what tests fail on
52 Heimdal ( the *.t tests are just skipping them at the moment)
53 The API presented by this module is a mildly object oriented reinter‐
55 pretation of the C API, where opaque C structures are Perl objects, but
56 the style of function call has been left mostly untouched. As a
57 result, most routines modify one or more of the parameters passed to
58 them, reflecting the C call-by-reference (or call-by-value-return)
59 semantics.
60 All users of this module are therefore strongly advised to localize all
62 usage of these routines to minimize pain if and when the API changes.
63
65 This module wraps the GSSAPI C-Bindings. If you are new to GSSAPI it is
66 a good idea to read RFC2743 and RFC2744, the documentation requires you
67 to be familar with the concept and the wordings of GSSAPI programming.
68 the examples directory holds some working examples of usage:
70 getcred_hostbased.pl
72 gets a GSSAPI Token for a service specified on commandline. (like
73 kgetcred on Heimdal or kvno on MIT)
74 gss-client.pl
76 a simple GSSAPI TCP client.
77 gss-server.pl
79 a simple GSSAPI TCP server. Use both as templates if you need
80 quickhacking GSSAPI enabeled GSSAPI TCP services.
81 GSSAPI::Name
83 GSSAPI internal representation of principalname
85 Methods
87 import( $gssapinameobj, $servicename, $mechnism_oid );
89 converts stringrepresentation $servicename of service into a GSSAPI
90 internal format and stores it in $gssapiservicename.
91 input
93 servicename
94 Scalar value, like 'HTTP@moerbsen.grolmsnet.lan'.
95 mechnism_oid
97 Chose one of the predefines mechanism OIDs from GSSAPI::OID
98 output
100 $gssapinameobj
101 GSSAPI internal representation of servicename
102 return value
104 returns GSSAPI::Status Object
105 Example:
107 $status = GSSAPI::Name->import( $gssapinameobj,
108 'HTTP@moerbsen.grolmsnet.lan',
109 GSSAPI::OID::gss_nt_hostbased_service);
110 display($tname);
112 converts the GSSAPI internal format into a humanreadable string and
113 stores it into $tname.
114 output
116 humanreadable string will be stored into $tname.
117 return value
119 returns GSSAPI::Status Object
120 Example:
122 my $tname;
123 $status = $gssapinameobj->display($tname);
124 die 'hmm, error...' if($status->major != GSS_S_COMPLETE );
125 print "\n Name is $tname";
126 compare( nameobj, ret)
128 Wraps gss_compare_name().
129 Input
131 nameobj
132 the 2nd GSSAPI::Name to be compared to
133 output
135 ret
136 value is non-zero
137 names refer to same entity
138 value is zero
140 names refer to different entities.
141 return value
143 returns GSSAPI::Status Object
144 EXPORT
146 GSS_C_ACCEPT
148 GSS_C_AF_APPLETALK
149 GSS_C_AF_BSC
150 GSS_C_AF_CCITT
151 GSS_C_AF_CHAOS
152 GSS_C_AF_DATAKIT
153 GSS_C_AF_DECnet
154 GSS_C_AF_DLI
155 GSS_C_AF_DSS
156 GSS_C_AF_ECMA
157 GSS_C_AF_HYLINK
158 GSS_C_AF_IMPLINK
159 GSS_C_AF_INET
160 GSS_C_AF_LAT
161 GSS_C_AF_LOCAL
162 GSS_C_AF_NBS
163 GSS_C_AF_NS
164 GSS_C_AF_NULLADDR
165 GSS_C_AF_OSI
166 GSS_C_AF_PUP
167 GSS_C_AF_SNA
168 GSS_C_AF_UNSPEC
169 GSS_C_AF_X25
170 GSS_C_ANON_FLAG
171 GSS_C_BOTH
172 GSS_C_CALLING_ERROR_MASK
173 GSS_C_CALLING_ERROR_OFFSET
174 GSS_C_CONF_FLAG
175 GSS_C_DELEG_FLAG
176 GSS_C_EMPTY_BUFFER
177 GSS_C_GSS_CODE
178 GSS_C_INDEFINITE
179 GSS_C_INITIATE
180 GSS_C_INTEG_FLAG
181 GSS_C_MECH_CODE
182 GSS_C_MUTUAL_FLAG
183 GSS_C_NO_BUFFER
184 GSS_C_NO_CHANNEL_BINDINGS
185 GSS_C_NO_CONTEXT
186 GSS_C_NO_CREDENTIAL
187 GSS_C_NO_NAME
188 GSS_C_NO_OID
189 GSS_C_NO_OID_SET
190 GSS_C_PROT_READY_FLAG
191 GSS_C_QOP_DEFAULT
192 GSS_C_REPLAY_FLAG
193 GSS_C_ROUTINE_ERROR_MASK
194 GSS_C_ROUTINE_ERROR_OFFSET
195 GSS_C_SEQUENCE_FLAG
196 GSS_C_SUPPLEMENTARY_MASK
197 GSS_C_SUPPLEMENTARY_OFFSET
198 GSS_C_TRANS_FLAG
199 GSS_S_BAD_BINDINGS
200 GSS_S_BAD_MECH
201 GSS_S_BAD_NAME
202 GSS_S_BAD_NAMETYPE
203 GSS_S_BAD_QOP
204 GSS_S_BAD_SIG
205 GSS_S_BAD_STATUS
206 GSS_S_CALL_BAD_STRUCTURE
207 GSS_S_CALL_INACCESSIBLE_READ
208 GSS_S_CALL_INACCESSIBLE_WRITE
209 GSS_S_COMPLETE
210 GSS_S_CONTEXT_EXPIRED
211 GSS_S_CONTINUE_NEEDED
212 GSS_S_CREDENTIALS_EXPIRED
213 GSS_S_CRED_UNAVAIL
214 GSS_S_DEFECTIVE_CREDENTIAL
215 GSS_S_DEFECTIVE_TOKEN
216 GSS_S_DUPLICATE_ELEMENT
217 GSS_S_DUPLICATE_TOKEN
218 GSS_S_FAILURE
219 GSS_S_GAP_TOKEN
220 GSS_S_NAME_NOT_MN
221 GSS_S_NO_CONTEXT
222 GSS_S_NO_CRED
223 GSS_S_OLD_TOKEN
224 GSS_S_UNAUTHORIZED
225 GSS_S_UNAVAILABLE
226 GSS_S_UNSEQ_TOKEN
227 Exportable functions
229 $status = indicate_mechs($oidset)
231 Example
233 use GSSAPI qw(:all);
235 my $oidset;
237 my $isin = 0;
238 my $status = indicate_mechs( $oidset );
240 $status->major == GSS_S_COMPLETE ⎪⎪ die 'error';
241 $status = $oidset->contains( gss_mech_krb5_old, $isin );
243 $status->major == GSS_S_COMPLETE ⎪⎪ die 'error';
244 if ( $isin ) {
246 print 'Support of Kerberos 5 old mechtype';
247 } else {
248 print 'No Support of Kerberos 5 old mechtype';
249 }
250 Constant OIDs provided:
252 # Constant OIDs provided:
254 $oid = gss_nt_user_name;
255 $oid = gss_nt_machine_uid_name;
256 $oid = gss_nt_string_uid_name;
257 $oid = gss_nt_service_name;
258 $oid = gss_nt_exported_name;
259 $oid = gss_nt_service_name_v2;
260 $oid = gss_nt_krb5_name;
261 $oid = gss_nt_krb5_principal;
262 $oid = gss_mech_krb5;
263 $oid = gss_mech_krb5_old;
264 $oid = gss_mech_spnego;
265 All other functions are class or instance methods.
267
269 GSSAPI::Status(3p) GSSAPI::OID(3p) GSSAPI::OID::Set(3p)
270 RFC2743
272 Generic Security Service API Version 2 : C-bindings
273 RFC2744
275 Generic Security Service Application Program Interface
276 LWP::Authen::Negotiate
278 GSSAPI based Authentication plugin for LWP
279 Authen::SASL::Perl::GSSAPI
281 A SASL adapter, implementing the Authen::SASL interface, using GSS‐
282 API.pm
283 http://perlgssapi.sourceforge.net/
285 Holds an actual list of GSSAPI.pm authentication using modules
286 perl(1)
288
290 More documentation how to use the module has to be added.
291
293 See our project home at <http://perlgssapi.sourceforge.net/>
294 Mailinglist perlgssapi-users@lists.sourceforge.net
296
298 The module ist maintained by Achim Grolms <perl@grolmsnet.de>
299 originally written by Philip Guenther <pguen@cpan.org>
301
303 Philip Guenther
304 Leif Johansson
305 Merijn Broeren
306 Harald Joerg
307 Christopher Odenbach
308 Dax Kelson
309 Marc Lehmann
310 David Leonard
311 Florian Ragwitz
312 maintainer of Debian package
313
315 Copyright (c) 2006 Achim Grolms All rights reserved. This program is
316 free software; you can redistribute it and/or modify it under the same
317 terms as Perl itself.
318 Copyright (c) 2000,2001,2005 Philip Guenther. All rights reserved.
320 This program is free software; you can redistribute it and/or modify it
321 under the same terms as Perl itself.
322perl v5.8.8 2007-02-16 GSSAPI(3)