1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
=head1 NAME
Authen::SASL - SASL Authentication framework
=head1 SYNOPSIS
use Authen::SASL;
$sasl = Authen::SASL->new(
mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
callback => {
pass => \&fetch_password,
user => $user,
}
);
=head1 DESCRIPTION
SASL is a generic mechanism for authentication used by several
network protocols. B<Authen::SASL> provides an implementation
framework that all protocols should be able to share.
The framework allows different implementations of the connection
class to be plugged in. At the time of writing there were two such
plugins.
=over 4
=item Authen::SASL::Perl
This module implements several mechanisms and is implemented
entirely in Perl.
=item Authen::SASL::Cyrus
This module uses the Cyrus SASL C-library (both version 1 and 2
are supported).
=back
By default the order in which these plugins are selected is
Authen::SASL::Cyrus first and then Authen::SASL::Perl.
If you want to change it or want to specifically use one
implementation only simply do
use Authen::SASL qw(Perl);
or if you have another plugin module that supports the Authen::SASL API
use Authen::SASL qw(My::SASL::Plugin);
=head2 CONTRUCTOR
The contructor may be called with or without arguments. Passing arguments is
just a short cut to calling the C<mechanism> and C<callback> methods.
=head2 METHODS
=over 4
=item mechanism
Returns the current list of mechanisms
=item mechanism NAMES
Set the list of mechanisms to choose from. NAMES should be a space separated string
of the names.
=item callback NAME
Returns the current callback associated with NAME
=item callback NAME => VALUE, NAME => VALUE, ...
Sets the given callbacks to the given values
=item client_new SERVICE, HOST, SECURITY
Creates and returns a new connection object for a client-side connection.
=item server_new SERVICE, HOST
Creates and returns a new connection object for a server-side connection.
Currently only supported by L<Authen::SASL::Cyrus>.
=back
=head1 The Connection Class
=over 4
=item server_start ( CHALLENGE )
server_start begins the authentication using the chosen mechanism.
If the mechanism is not supported by the installed SASL it fails.
Because for some mechanisms the client has to start the negotiation,
you can give the client challenge as a parameter.
=item server_step ( CHALLENGE )
server_step performs the next step in the negotiation process. The
first parameter you give is the clients challenge/response.
=item client_start
The initial step to be performed. Returns the initial value to pass to the server
or an empty list on error.
=item client_step CHALLENGE
This method is called when a response from the server requires it. CHALLENGE
is the value from the server. Returns the next value to pass to the server or an
empty list on error.
=item property NAME
=item property NAME => VALUE, NAME => VALUE
=item service
Returns the service argument that was passed to *_new-methods.
=item host
Returns the host argument that was passed to *_new-methods.
=item mechanism
Returns the name of the chosen mechanism.
=back
=head2 Callbacks
There are three different ways in which a callback may be passed
=over
=item CODEREF
If the value passed is a code reference then, when needed, it will be called
and the connection object will be passed as the first argument.
=item ARRAYREF
If the value passed is an array reference, the first element in the array
must be a code reference. When the callback is called the code reference
will be called with the connection object passed as the first argument
and all other values from the array passed after.
=item SCALAR
All other values passed will be used directly. ie it is the same as
passing an code reference that, when called, returns the value.
=back
=head1 SEE ALSO
L<Authen::SASL::Perl>, L<Authen::SASL::Cyrus> (for more methods that currently
only support by Authen::SASL::Cyrus)
=head1 AUTHOR
Graham Barr <gbarr@pobox.com>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list
<perl-ldap-dev@lists.sourceforge.net>
=head1 COPYRIGHT
Copyright (c) 1998-2004 Graham Barr. All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself.
=cut
|
