NAME
GSSAPI - Perl extension providing access to the GSSAPIv2 library
SYNOPSIS
use GSSAPI;
my $targethostname = 'HTTP@moerbsen.grolmsnet.lan';
my $status;
TRY: {
my ($target, $tname, $ttl );
$status = GSSAPI::Name->import( $target,
$server,
GSSAPI::OID::gssnthostbasedservice)
or last;
$status = $target->display($tname) or last;
print "\n using Name $tname";
my $ctx = GSSAPI::Context->new();
my $imech = GSSAPI::OID::gssmechkrb5;
my $iflags = 0 ;
my $bindings = GSSCNOCHANNELBINDINGS;
my $creds = GSSCNOCREDENTIAL;
my $itime = 0;
my $itoken = q{};
my $otoken;
$status = $ctx->init($creds,$target,
$imech,$iflags,$itime,$bindings,$itoken,
undef, $otoken,undef,undef) or last;
$status = $ctx->validtimeleft($ttl) or last;
print "\n Security context's time to live $ttl secs";
}
unless ($status->major == GSSSCOMPLETE ) {
print "\nErrors: ", $status;
} else {
print "\n seems everything is fine, type klist to see the ticket\n";
DESCRIPTION
This module gives access to the routines of the GSSAPI library, as
described in rfc2743 and rfc2744 and implemented by the Kerberos-1.2
distribution from MIT.
Since 0.14 it also compiles and works with Heimdal. Lacks of Heimdal
support are gssreleaseoid(), gssstrtooid() and fail of some tests.
Have a look at the tests in t/ directory too see what tests fail on
Heimdal ( the *.t tests are just skipping them at the moment)
The API presented by this module is a mildly object oriented
reinterpretation of the C API, where opaque C structures are Perl
objects, but the style of function call has been left mostly untouched.
As a result, most routines modify one or more of the parameters passed
to them, reflecting the C call-by-reference (or call-by-value-return)
semantics.
All users of this module are therefore strongly advised to localize all
usage of these routines to minimize pain if and when the API changes.
UUSSAAGGEE
This module wraps the GSSAPI C-Bindings. If you are new to GSSAPI it is
a good idea to read RFC2743 and RFC2744, the documentation requires you
to be familar with the concept and the wordings of GSSAPI programming.
the examples directory holds some working examples of usage:
getcredhostbased.pl
gets a GSSAPI Token for a service specified on commandline. (like
kgetcred on Heimdal or kvno on MIT)
gss-client.pl
a simple GSSAPI TCP client.
gss-server.pl
a simple GSSAPI TCP server. Use both as templates if you need
quickhacking GSSAPI enabeled GSSAPI TCP services.
GGSSSSAAPPII::::NNaammee
GSSAPI internal representation of principalname
Methods
import( $gssapinameobj, $servicename, $mechnismoid );
converts stringrepresentation $servicename of service into a GSSAPI
internal format and stores it in $gssapiservicename.
input
servicename
Scalar value, like 'HTTP@moerbsen.grolmsnet.lan'.
mechnismoid
Chose one of the predefines mechanism OIDs from GSSAPI::OID
output
$gssapinameobj
GSSAPI internal representation of servicename
return value
returns GSSAPI::Status Object
Example:
$status = GSSAPI::Name->import( $gssapinameobj,
'HTTP@moerbsen.grolmsnet.lan',
GSSAPI::OID::gssnthostbasedservice);
display($tname);
converts the GSSAPI internal format into a humanreadable string and
stores it into $tname.
output
humanreadable string will be stored into $tname.
return value
returns GSSAPI::Status Object
Example:
my $tname;
$status = $gssapinameobj->display($tname);
die 'hmm, error...' if($status->major != GSSSCOMPLETE );
print "\n Name is $tname";
compare( nameobj, ret)
Wraps gsscomparename().
Input
nameobj
the 2nd GSSAPI::Name to be compared to
output
ret
value is non-zero
names refer to same entity
value is zero
names refer to different entities.
return value
returns GSSAPI::Status Object
EEXXPPOORRTT
GSSCACCEPT
GSSCAFAPPLETALK
GSSCAFBSC
GSSCAFCCITT
GSSCAFCHAOS
GSSCAFDATAKIT
GSSCAFDECnet
GSSCAFDLI
GSSCAFDSS
GSSCAFECMA
GSSCAFHYLINK
GSSCAFIMPLINK
GSSCAFINET
GSSCAFLAT
GSSCAFLOCAL
GSSCAFNBS
GSSCAFNS
GSSCAFNULLADDR
GSSCAFOSI
GSSCAFPUP
GSSCAFSNA
GSSCAFUNSPEC
GSSCAFX25
GSSCANONFLAG
GSSCBOTH
GSSCCALLINGERRORMASK
GSSCCALLINGERROROFFSET
GSSCCONFFLAG
GSSCDELEGFLAG
GSSCEMPTYBUFFER
GSSCGSSCODE
GSSCINDEFINITE
GSSCINITIATE
GSSCINTEGFLAG
GSSCMECHCODE
GSSCMUTUALFLAG
GSSCNOBUFFER
GSSCNOCHANNELBINDINGS
GSSCNOCONTEXT
GSSCNOCREDENTIAL
GSSCNONAME
GSSCNOOID
GSSCNOOIDSET
GSSCPROTREADYFLAG
GSSCQOPDEFAULT
GSSCREPLAYFLAG
GSSCROUTINEERRORMASK
GSSCROUTINEERROROFFSET
GSSCSEQUENCEFLAG
GSSCSUPPLEMENTARYMASK
GSSCSUPPLEMENTARYOFFSET
GSSCTRANSFLAG
GSSSBADBINDINGS
GSSSBADMECH
GSSSBADNAME
GSSSBADNAMETYPE
GSSSBADQOP
GSSSBADSIG
GSSSBADSTATUS
GSSSCALLBADSTRUCTURE
GSSSCALLINACCESSIBLEREAD
GSSSCALLINACCESSIBLEWRITE
GSSSCOMPLETE
GSSSCONTEXTEXPIRED
GSSSCONTINUENEEDED
GSSSCREDENTIALSEXPIRED
GSSSCREDUNAVAIL
GSSSDEFECTIVECREDENTIAL
GSSSDEFECTIVETOKEN
GSSSDUPLICATEELEMENT
GSSSDUPLICATETOKEN
GSSSFAILURE
GSSSGAPTOKEN
GSSSNAMENOTMN
GSSSNOCONTEXT
GSSSNOCRED
GSSSOLDTOKEN
GSSSUNAUTHORIZED
GSSSUNAVAILABLE
GSSSUNSEQTOKEN
EExxppoorrttaabbllee ffuunnccttiioonnss
$status = indicatemechs($oidset)
Example
use GSSAPI qw(:all);
my $oidset;
my $isin = 0;
my $status = indicatemechs( $oidset );
$status->major == GSSSCOMPLETE || die 'error';
$status = $oidset->contains( gssmechkrb5old, $isin );
$status->major == GSSSCOMPLETE || die 'error';
if ( $isin ) {
print 'Support of Kerberos 5 old mechtype';
} else {
print 'No Support of Kerberos 5 old mechtype';
}
Constant OIDs provided:
# Constant OIDs provided:
$oid = gssntusername;
$oid = gssntmachineuidname;
$oid = gssntstringuidname;
$oid = gssntservicename;
$oid = gssntexportedname;
$oid = gssntservicenamev2;
$oid = gssntkrb5name;
$oid = gssntkrb5principal;
$oid = gssmechkrb5;
$oid = gssmechkrb5old;
$oid = gssmechspnego;
All other functions are class or instance methods.
SEE ALSO
GSSAPI::Status(3p) GSSAPI::OID(3p) GSSAPI::OID::Set(3p)
RFC2743
Generic Security Service API Version 2 : C-bindings
RFC2744
Generic Security Service Application Program Interface
LWP::Authen::Negotiate
GSSAPI based Authentication plugin for LWP
Authen::SASL::Perl::GSSAPI
A SASL adapter, implementing the Authen::SASL interface, using
GSSAPI.pm
http://perlgssapi.sourceforge.net/
Holds an actual list of GSSAPI.pm authentication using modules
perl(1)
BUGS
More documentation how to use the module has to be added.
SSUUPPPPOORRTT
See our project home at
Mailinglist perlgssapi-users@lists.sourceforge.net
AUTHOR The module ist maintained by Achim Grolms
originally written by Philip Guenther
TTHHAANNKKSS TTOO
Philip Guenther
Leif Johansson
Merijn Broeren
Harald Joerg
Christopher Odenbach
Dax Kelson
Marc Lehmann
David Leonard
Florian Ragwitz
maintainer of Debian package
COPYRIGHT Copyright (c) 2006 Achim Grolms All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself.
Copyright (c) 2000,2001,2005 Philip Guenther. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
perl v5.8.8 2006-07-31 GSSAPI(3)