Authen::SASL::Perl::GSSAPI usage examples

The perlmodule Authen::SASL::Perl::GSSAPI by Simon Wilkinson is a SASL adapter to GSSAPI.pm implementing the Authen::SASL interface

That means Authen::SASL using modules are able to use Kerberos5 authentication when using kerberized applicationserver.

This text provides examples of how to use Authen::SASL::Perl::GSSAPI in some Authen::SASL using perlmodules.

Frequently known "problems":

• ensure you have properly installed the GSSAPI module from CPAN

• ensure you have a valid TGT in credentials cache (means run kinit first...)

usage examples

• Net::LDAP

  1. SASL (RFC2222) is supported since LDAPv3.
  2. To check if a ldap-server supports SASL mechanism 'GSSAPI' check the Attribute 'supportedSASLMechnisms' of the root DSE:

        ldapsearch -h ldap.example.grolmsnet.de -s base -b "" "(objectclass=*)" supportedSASLMechanisms
     

  #! /usr/bin/perl -w
  
  use strict;
  
  use Net::LDAP 0.33;
  use Authen::SASL 2.10;
  
  my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );
  
  my $host =  $ARGV[0] || die "\n\nusage: $0 ldapserver \n\n";
  my $ldap = Net::LDAP->new(
                 $host,
                 onerror => 'die',
             ) or die "Cannot connect to LDAP host '$host'";
  
  my $dse = $ldap->root_dse();
  $dse->supported_sasl_mechanism ( 'GSSAPI' ) || die "\n sorry, $host does not support GSSAPI...\n";;
  
  eval {
      $ldap->bind( sasl => $sasl  );
  } or  die $@, $sasl->error(), "\n Terminating.\n";
  
  print "\n SASL-bind to $host successfull...\n\n";
  

• Net::POP3

  • POP3 Server announces SASL-support and supported SASL mechnisms

    • in answer to CAPA, if SASL is available

    • or, in old implementation in answer to AUTH command.

  • Net::POP3 2.28 does not support Authen::SASL properly.

    The fixed version is not available at CPAN, but in Subversion Repository http://svn.goingon.net/repos/libnet/trunk/Net/POP3.pm (hopefully becoming 2.29)

  #! /usr/bin/perl -w
  
  use strict;
  use Net::POP3;
  use Authen::SASL 2.10;
  
  #
  # first line of SASL magic follows:
  #
  
  my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' ) || die 'cannot create SASL object';
  
  my $pop3host =  $ARGV[0] || die "\n\nusage: $0 pop3server \n\n";
  my $pop = Net::POP3->new( $pop3host ) || die "cannot connect to $pop3host";
  my $capa = $pop->capa() || die '$pop->capa() failed';
  if ( exists $capa->{'SASL'} ) {
  
      #
      # second line of SASL magic follows:
      #
  
      $pop->auth( $sasl ) || die 'auth( $sasl ) error: ', $pop->message;
  
  
      print "\n\n successfully logged into $pop3host";
      my $msgnums = $pop->list || die 'list';
      print "\n count of messages in mailbox: ",
            scalar( keys %{ $msgnums } );
  }
  else {
      print "\n sorry, server $pop3host announces no SASL support\n\n";
  }
  $pop->quit;
  

Author: Achim Golms, perl@grolmsnet.de

Last update 2006-06-09