Authen::SASL::Perl (3)

Leading comments

Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man3/Authen::SASL::Perl.3pm".)

NAME

Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework

SYNOPSIS

 use Authen::SASL qw(Perl);

 $sasl = Authen::SASL->new(
   mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
   callback => {
     user => $user,
     pass => \&fetch_password
   }
 );

DESCRIPTION

Authen::SASL::Perl is the pure Perl implementation of mechanisms in the Authen::SASL framework.

At the time of this writing it provides the client part implementation for the following

mechanisms:

ANONYMOUS

The Anonymous

SASL

Mechanism as defined in

RFC 2245

resp. in

IETF

Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a method to anonymously access internet services.

Since it does no authentication it does not need to send any confidential information such as passwords in plain text over the network.

CRAM-MD5

The

CRAM-MD5 SASL

Mechanism as defined in

RFC2195

resp. in

IETF

Draft draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-response authentication mechanism.

Since it is a challenge-response authentication mechanism no passwords are transferred in clear-text over the wire.

Due to the simplicity of the protocol

CRAM-MD5

is susceptible to replay and dictionary attacks, so

DIGEST-MD5

should be used in preferrence.

DIGEST-MD5

The

DIGEST-MD5 SASL

Mechanism as defined in

RFC 2831

resp. in

IETF

Draft draft-ietf-sasl-rfc2831bis-XX.txt offers the

HTTP

Digest Access Authentication as

SASL

mechanism.

Like

CRAM-MD5

it is a challenge-response authentication method that does not send plain text passwords over the network.

Compared to

CRAM-MD5, DIGEST-MD5

prevents chosen plaintext attacks, and permits the use of third party authentication servers, so that it is recommended to use

DIGEST-MD5

instead of

CRAM-MD5

when possible.

EXTERNAL

The

EXTERNAL SASL

mechanism as defined in

RFC 2222

allows the use of external authentication systems as

SASL

mechanisms.

GSSAPI

The

GSSAPI SASL

mechanism as defined in

RFC 2222

resp.

IETF

Draft draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security Service Application Program Interface [

GSSAPI

]

KERBEROS V5

as as

SASL

mechanism.

Although

GSSAPI

is a general mechanism for authentication it is almost exlusively used for Kerberos 5.

LOGIN

The

LOGIN SASL

Mechanism as defined in

IETF

Draft draft-murchison-sasl-login-XX.txt allows the combination of username and clear-text password to be used in a

SASL

mechanism.

It does does not provide a security layer and sends the credentials in clear over the wire. Thus this mechanism should not be used without adequate security protection.

PLAIN

The Plain

SASL

Mechanism as defined in

RFC 2595

resp.

IETF

Draft draft-ietf-sasl-plain-XX.txt is another

SASL

mechanism that allows username and clear-text password combinations in

SASL

environments.

Like

LOGIN

it sends the credentials in clear over the network and should not be used without sufficient security protection.

As for server support, only

, and are supported at the time of this writing.

"server_new"

is a hashref that is only relevant for for now and it supports the following options:

- no_integrity

- no_confidentiality

which configures how the security layers are negotiated with the client (or rather imposed to the client).

SEE ALSO

Authen::SASL, Authen::SASL::Perl::ANONYMOUS, Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5, Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI, Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN

AUTHOR

Peter Marschall <peter@adpm.de>

Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>

COPYRIGHT

Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This document is distributed, and may be redistributed, under the same terms as Perl itself.