| Authen::SASL::Perl(3) | User Contributed Perl Documentation | Authen::SASL::Perl(3) |
NAME¶
Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework
SYNOPSIS¶
use Authen::SASL qw(Perl);
$sasl = Authen::SASL->new(
mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
callback => {
user => $user,
pass => \&fetch_password
}
);
DESCRIPTION¶
Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework.
At the time of this writing it provides the client part implementation for the following SASL mechanisms:
- ANONYMOUS
- The Anonymous SASL Mechanism as defined in RFC 2245 resp. in IETF Draft
draft-ietf-sasl-anon-03.txt from February 2004 provides a method to
anonymously access internet services.
Since it does no authentication it does not need to send any confidential information such as passwords in plain text over the network.
- CRAM-MD5
- The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp. in IETF Draft
draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-response
authentication mechanism.
Since it is a challenge-response authentication mechanism no passwords are transferred in clear-text over the wire.
Due to the simplicity of the protocol CRAM-MD5 is susceptible to replay and dictionary attacks, so DIGEST-MD5 should be used in preferrence.
- DIGEST-MD5
- The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp. in IETF Draft
draft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest Access
Authentication as SASL mechanism.
Like CRAM-MD5 it is a challenge-response authentication method that does not send plain text passwords over the network.
Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks, and permits the use of third party authentication servers, so that it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when possible.
- EXTERNAL
- The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use of external authentication systems as SASL mechanisms.
- GSSAPI
- The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft
draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security Service
Application Program Interface [GSSAPI] KERBEROS V5 as as SASL mechanism.
Although GSSAPI is a general mechanism for authentication it is almost exlusively used for Kerberos 5.
- LOGIN
- The LOGIN SASL Mechanism as defined in IETF Draft
draft-murchison-sasl-login-XX.txt allows the combination of username and
clear-text password to be used in a SASL mechanism.
It does does not provide a security layer and sends the credentials in clear over the wire. Thus this mechanism should not be used without adequate security protection.
- PLAIN
- The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
username and clear-text password combinations in SASL environments.
Like LOGIN it sends the credentials in clear over the network and should not be used without sufficient security protection.
SEE ALSO¶
Authen::SASL, Authen::SASL::Perl::ANONYMOUS, Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5, Authen::SASL::Perl::EXTERNAL, Authen::SASL::Perl::GSSAPI, Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN
AUTHOR¶
Peter Marschall <peter@adpm.de>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>
COPYRIGHT¶
Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This document is distributed, and may be redistributed, under the same terms as Perl itself.
| 2009-09-23 | perl v5.10.1 |