|
Authen::Krb5Password - Perl extension for Kerberos 5 password verification |
Authen::Krb5Password - Perl extension for Kerberos 5 password verification
use Authen::Krb5Password;
$success = kpass("username", "password", "service", "host", "FILE:/path/to/keytab");
This module provides a Perl function to perform password verification using Kerberos 5. It is intended for use by applications that cannot use the Kerberos protocol directly. If it must be run on a system that receives a username and password over the network, steps should be taken to ensure that these are passed to the server in a cryptographically secure manner.
kpass() attempts to obtain credentials for the given username and password
from the Kerberos AS, then obtain credentials for a local service from the
Kerberos TGS to verify the authenticity of the AS response. Empty strings
can be passed as the 3rd and/or 4th arguments to use the default service
name (``host'') and the fully canonicalized primary hostname of the system
that the function is executed on. The fifth argument may be omitted to use
the system's default keytab file.
kpass() returns -1 if an error occurs, 0 if the username or password is
incorrect, or 1 if password verification is successful. Errors and
authentication failures are recorded via syslog(3). Because of deficiencies
in Perl's syslog implementation in Sys::Syslog(3), there's no clean way
to log output to any facility other than the default LOG_USER. One
possible way around this problem is to use the Unix::Syslog module
available on CPAN, which correctly uses your platform's native syslog
library routines to perform the functions.
openlog(3), perl(1), syslog(3), Sys::Syslog(3).
|
Authen::Krb5Password - Perl extension for Kerberos 5 password verification |