{ "content": [ { "type": "text", "text": "# Authen::SASL::Perl (perldoc)\n\n## NAME\n\nAuthen::SASL::Perl -- Perl implementation of the SASL Authentication framework\n\n## SYNOPSIS\n\nuse Authen::SASL qw(Perl);\n$sasl = Authen::SASL->new(\nmechanism => 'CRAM-MD5 PLAIN ANONYMOUS',\ncallback => {\nuser => $user,\npass => \\&fetchpassword\n}\n);\n\n## DESCRIPTION\n\nAuthen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL\nframework.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **SEE ALSO**\n- **AUTHOR**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "Authen::SASL::Perl", "section": "", "mode": "perldoc", "summary": "Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework", "synopsis": "use Authen::SASL qw(Perl);\n$sasl = Authen::SASL->new(\nmechanism => 'CRAM-MD5 PLAIN ANONYMOUS',\ncallback => {\nuser => $user,\npass => \\&fetchpassword\n}\n);", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 10, "subsections": [] }, { "name": "DESCRIPTION", "lines": 75, "subsections": [] }, { "name": "SEE ALSO", "lines": 4, "subsections": [] }, { "name": "AUTHOR", "lines": 5, "subsections": [] }, { "name": "COPYRIGHT", "lines": 3, "subsections": [] } ], "sections": { "NAME": { "content": "Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework\n", "subsections": [] }, "SYNOPSIS": { "content": "use Authen::SASL qw(Perl);\n\n$sasl = Authen::SASL->new(\nmechanism => 'CRAM-MD5 PLAIN ANONYMOUS',\ncallback => {\nuser => $user,\npass => \\&fetchpassword\n}\n);\n", "subsections": [] }, "DESCRIPTION": { "content": "Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL\nframework.\n\nAt the time of this writing it provides the client part implementation for the following SASL\nmechanisms:\n\nANONYMOUS\nThe Anonymous SASL Mechanism as defined in RFC 2245 resp. in IETF Draft\ndraft-ietf-sasl-anon-03.txt from February 2004 provides a method to anonymously access\ninternet services.\n\nSince it does no authentication it does not need to send any confidential information such\nas passwords in plain text over the network.\n\nCRAM-MD5\nThe CRAM-MD5 SASL Mechanism as defined in RFC2195 resp. in IETF Draft\ndraft-ietf-sasl-crammd5-XX.txt offers a simple challenge-response authentication mechanism.\n\nSince it is a challenge-response authentication mechanism no passwords are transferred in\nclear-text over the wire.\n\nDue to the simplicity of the protocol CRAM-MD5 is susceptible to replay and dictionary\nattacks, so DIGEST-MD5 should be used in preferrence.\n\nDIGEST-MD5\nThe DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp. in IETF Draft\ndraft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest Access Authentication as SASL\nmechanism.\n\nLike CRAM-MD5 it is a challenge-response authentication method that does not send plain text\npasswords over the network.\n\nCompared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks, and permits the use of\nthird party authentication servers, so that it is recommended to use DIGEST-MD5 instead of\nCRAM-MD5 when possible.\n\nEXTERNAL\nThe EXTERNAL SASL mechanism as defined in RFC 2222 allows the use of external authentication\nsystems as SASL mechanisms.\n\nGSSAPI\nThe GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft\ndraft-ietf-sasl-gssapi-XX.txt allows using the Generic Security Service Application Program\nInterface [GSSAPI] KERBEROS V5 as as SASL mechanism.\n\nAlthough GSSAPI is a general mechanism for authentication it is almost exlusively used for\nKerberos 5.\n\nLOGIN\nThe LOGIN SASL Mechanism as defined in IETF Draft draft-murchison-sasl-login-XX.txt allows\nthe combination of username and clear-text password to be used in a SASL mechanism.\n\nIt does does not provide a security layer and sends the credentials in clear over the wire.\nThus this mechanism should not be used without adequate security protection.\n\nPLAIN\nThe Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft\ndraft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows username and clear-text\npassword combinations in SASL environments.\n\nLike LOGIN it sends the credentials in clear over the network and should not be used without\nsufficient security protection.\n\nAs for server support, only *PLAIN*, *LOGIN* and *DIGEST-MD5* are supported at the time of this\nwriting.\n\n\"servernew\" OPTIONS is a hashref that is only relevant for *DIGEST-MD5* for now and it supports\nthe following options:\n\n- nointegrity\n- noconfidentiality\n\nwhich configures how the security layers are negotiated with the client (or rather imposed to\nthe client).\n", "subsections": [] }, "SEE ALSO": { "content": "Authen::SASL, Authen::SASL::Perl::ANONYMOUS, Authen::SASL::Perl::CRAMMD5,\nAuthen::SASL::Perl::DIGESTMD5, Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI,\nAuthen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN\n", "subsections": [] }, "AUTHOR": { "content": "Peter Marschall \n\nPlease report any bugs, or post any suggestions, to the perl-ldap mailing list\n\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This document is distributed, and\nmay be redistributed, under the same terms as Perl itself.\n", "subsections": [] } } } }