Authen::SASL::Perl::GSSAPI - phpMan

Che Dong
NAME
    Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberosv5) Authentication class

SYNOPSIS
      use Authen::SASL qw(Perl);

      $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );

      $sasl = Authen::SASL->new( mechanism => 'GSSAPI',
                                 callback => { pass => $mycred });

      $sasl->client_start( $service, $host );

DESCRIPTION
    This method implements the client part of the GSSAPI SASL algorithm, as
    described in RFC 2222 section 7.2.1 resp. draft-ietf-sasl-gssapi-XX.txt.

    With a valid Kerberos 5 credentials cache (aka TGT) it allows to connect
    to *service*@*host* given as the first two parameters to Authen::SASL's
    client_start() method. Alternatively, a GSSAPI::Cred object can be
    passed in via the Authen::SASL callback hash using the `pass' key.

    Please note that this module does not currently implement a SASL
    security layer following authentication. Unless the connection is
    protected by other means, such as TLS, it will be vulnerable to
    man-in-the-middle attacks. If security layers are required, then the
    Authen::SASL::XS GSSAPI module should be used instead.

  CALLBACK
    The callbacks used are:

    authname
        The authorization identity to be used in SASL exchange

    gssmech
        The GSS mechanism to be used in the connection

    pass
        The GSS credentials to be used in the connection (optional)

EXAMPLE
     #! /usr/bin/perl -w

     use strict;

     use Net::LDAP 0.33;
     use Authen::SASL 2.10;

     # -------- Adjust to your environment --------
     my $adhost      = 'theserver.bla.net';
     my $ldap_base   = 'dc=bla,dc=net';
     my $ldap_filter = '(&(sAMAccountName=BLAAGROL))';

     my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
     my $ldap;

     eval {
         $ldap = Net::LDAP->new($adhost,
                                onerror => 'die')
           or  die "Cannot connect to LDAP host '$adhost': '$@'";
         $ldap->bind(sasl => $sasl);
     };

     if ($@) {
         chomp $@;
         die   "\nBind error         : $@",
               "\nDetailed SASL error: ", $sasl->error,
               "\nTerminated";
     }

     print "\nLDAP bind() succeeded, working in authenticated state";

     my $mesg = $ldap->search(base   => $ldap_base,
                              filter => $ldap_filter);

     # -------- evaluate $mesg

  PROPERTIES
    The properties used are:

    maxbuf
        The maximum buffer size for receiving cipher text

    minssf
        The minimum SSF value that should be provided by the SASL security
        layer. The default is 0

    maxssf
        The maximum SSF value that should be provided by the SASL security
        layer. The default is 2**31

    externalssf
        The SSF value provided by an underlying external security layer. The
        default is 0

    ssf The actual SSF value provided by the SASL security layer after the
        SASL authentication phase has been completed. This value is
        read-only and set by the implementation after the SASL
        authentication phase has been completed.

    maxout
        The maximum plaintext buffer size for sending data to the peer. This
        value is set by the implementation after the SASL authentication
        phase has been completed and a SASL security layer is in effect.

SEE ALSO
    Authen::SASL, Authen::SASL::Perl

AUTHORS
    Written by Simon Wilkinson, with patches and extensions by Achim Grolms
    and Peter Marschall.

    Please report any bugs, or post any suggestions, to the perl-ldap
    mailing list <perl-ldap AT perl.org>

COPYRIGHT
    Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall.
    All rights reserved. This program is free software; you can redistribute
    it and/or modify it under the same terms as Perl itself.