gen-auth (1)

Leading comments

Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man1/gen-auth.1".)

NAME

gen-auth - generate various authentication strings

USAGE

gen-auth [--help|--version] | <type> ...

DESCRIPTION

gen-auth is tool to assist in all kinds of authentication / encoding / decoding / encrypting tasks. It began life as an smtp-specific tool, but has drifted in functionality over time.

The program actions are broken down into types of encoding to generate. Each <type> then takes its own specific args. The arguments are expected in a specific order on the command line. Every argument that isn't available on the command line will be prompted for. One benefit to this is arguments corresponding to passwords will not be echoed to the terminal when prompted for.

TYPES

The program action is controlled by the first argument. The meaning of the following arguments is specified by this type

PLAIN

<username> <password>

This type generates a

PLAIN

(

RFC 2595

) authentication string. It accepts supplemental arguments of username and password. It generates a Base64 encoded string ``\0<username>\0<password>''.

LOGIN

<username> <password>

This method accepts username and password as supplemental args. It simply returns each string Base64 encoded. This provides only minimal advantages over using

ENCODE

twice. One advantage is hiding the password if you provide it on

STDIN

CRAM-MD5

<username> <password> <challenge>

CRAM-MD5

(

RFC 2195

) accepts three supplemental arguments. The first is the username and the second is the password. The third is the challenge string provided by the server. This string can be either Base64 encoded or not. The

RFC

states that all (unencoded) challenge strings must start w/ '<'. This is used to whether the string is Base64 encoded or not.

CRAM-MD5

uses the challenge and the supplied password to generate a digest. it then returns the Base64 encoded version of the string md5(``<username> <challenge>'')

This authentication method requires the Digest::MD5 perl module to be installed.

CRAM-SHA1

<username> <password> <challenge>

This behaves the same as

CRAM-MD5

but uses

SHA1

digesting rather than

MD5.

This authentication method requires the Digest::SHA1 perl module to be installed.

NTLM/SPA/MSN

<username> <password> <domain> <challenge>

Although it may be advertised as one of the above types, this method of authentication if refered to singularly as

NTLM.

This is a multi-step authentication type. The first 3 arguments must be supplied up front. They are username, password, and domain, in that order. These three strings are used to generate an ``Auth Request'' string. This string should be passed verbatim to the server. The server will then respond with a challenge. This challenge is the fourth argument. After receiving the server challenge, gen-auth will produce an ``Auth Response''. Posting this response to the server completes the

NTLM

authentication transaction.

This authentication method requires the Authen::NTLM perl module to be installed. See

EXAMPLES

for an example of this transaction. Note also that 'domain' is often blank from client or ignored by server.

HTTP-BASIC <username> <password>

Returns the value base64(``<username>:<password>''). Used for

HTTP

Basic authentication (

RFC 2617

). Used by adding a header ``Authorization: Basic <string>'' to a

HTTP

request where <string> is the output of this command.

APOP

<challenge> <password>

This implements the

APOP

authentication for the

POP3

protocol as described in

RFC 1939.

<challenge> is the challenge string presented by the

POP3

server in the greeting banner. <password> is the ``secret'' (usually a password) used to authenticate the user. This method returns a digest md5(``<challenge><password>''). This can be used to authenticate to a

POP3

server in a string like ``

APOP

<user> <digest>'' where <digest> is the string generated by this command.

APOP

required the Digest::MD5 perl module.

ENCODE

<string>

Simply Base64 encodes a plaintext string. Provided as a convenience function.

DECODE

<string>

Decodes a Base64 encoded string. Provided as a convenience function.

MD5/MD5-HEX

<string>

Provides an

MD5

digest of the supplied string in hex.

MD5-BASE64

<string>

Provides an

MD5

digest of the supplied string in Base64.

ENCRYPT

<string>

Returns a crypt(3) string generated from the input string.

SALTENCRYPT

<string> <salt>

Same as

ENCRYPT

but you provide the salt as the second argument. See crypt(3) man page for details.

ROT13

<string>

This performs a rot13 action on <string>. This implementation only performs the action on

ASCII 65-90,97-123.

Any other character value is left untouched. Therefore this method is primarily for LOCALE=C,

ASCII

only. Feel free to send patches if you care to have it work in another setting.

ATBASH

<string>

This performs an atbash action on <string>. Atbash mirrors a string such that 'a'=='z', 'b'=='y', etc. See the comments on locale and character set under

ROT13.

OPTIONS

-s

Supresses echo on all input fields read from standard input. If this option is not used, echo is suppressed on fields which are known to be password fields but this may not be secure enough.

--help

this screen.

--version

version info.

EXAMPLES

generate a

PLAIN AUTH

string for user 'tim', password 'tanstaaftanstaaf'

  > gen-auth plain tim tanstaaftanstaaf
  Auth String: AHRpbQB0YW5zdGFhZnRhbnN0YWFm

generate a

CRAM-MD5

string for user 'tim', password 'tanstaaftanstaaf', challenge '<1896.697170952@postoffice.reston.mci.net>', using prompt to hide password

  > gen-auth cram-md5                  
  username: tim
  password: 
  challenge: PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
  dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw

use the

DECODE

method to ensure we provided the correct output in our last example

  > gen-auth decode dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
  tim b913a602c7eda7a495b4e6e7334d3890

use the

NTLM

(

MSN

) method to authenticate to a mail server using user 'tim', password 'tanstaaftanstaaf', and domain

MAIL.

Both the gen-auth transaction and

SMTP

transaction are shown to demonstrate the interaction between the two.

  AUTH MSN
  334 NTLM supported
  TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
  334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
  TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
  235 Authentication succeeded

  > gen-auth spa
  username: tim
  password: 
  domain: MAIL
  Auth Request: TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
  challenge: TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
  Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==

REQUIRES

MIME::Base64

Required for all functionality

Digest::MD5

Required for

MD5, MD5-BASE64, CRAM-MD5, APOP

Digest::SHA1

Required for

CRAM-SHA1

Authen::NTLM

Required for

NTLM/MSN/SPA

EXIT CODES

0 - no errors occurred

1 - unrecognized type specified

CONTACT

proj-gen-auth@jetmore.net