Authen::Krb5Password

NAME
    Authen::Krb5Password - Perl extension for Kerberos 5
    password verification

SYNOPSIS
      use Authen::Krb5Password;
      $success = kpass("username", "password", "service", "host", "FILE:/path/t
o/keytab");

DESCRIPTION
    This module provides a Perl function to perform password
    verification using Kerberos 5. It is intended for use by
    applications that cannot use the Kerberos protocol directly.
    If it must be run on a system that receives a username and
    password over the network, steps should be taken to ensure
    that these are passed to the server in a cryptographically
    secure manner.

    kpass() attempts to obtain credentials for the given
    username and password from the Kerberos AS, then obtain
    credentials for a local service from the Kerberos TGS to
    verify the authenticity of the AS response. Empty strings
    can be passed as the 3rd and/or 4th arguments to use the
    default service name ("host") and the fully canonicalized
    primary hostname of the system that the function is executed
    on. The fifth argument may be omitted to use the system's
    default keytab file.

    kpass() returns -1 if an error occurs, 0 if the username or
    password is incorrect, or 1 if password verification is
    successful. Errors and authentication failures are recorded
    via syslog(3). Because of deficiencies in Perl's syslog
    implementation in Sys::Syslog(3), there's no clean way to
    log output to any facility other than the default LOG_USER.
    One possible way around this problem is to use the
    Unix::Syslog module available on CPAN, which correctly uses
    your platform's native syslog library routines to perform
    the functions.

Prerequisites:

       - perl 5
       - MIT Kerberos V5 Release 1.2.x or better (this module
         also appears to work with Heimdal Kerberos, although
         I have not extensively tested it)
       - Creation of an application service principal on the Kerberos
         server in order to verify the KDC's response. And access to
         a local keytab file containing the key for that principal.

To build and install:

1. Edit "Makefile.PL" to reflect the proper locations of the MIT
  Kerberos 5 libraries and include directories for your system.
2. perl Makefile.PL
3. make
4. make test
5. (as root) make install
6. make distclean

Note that it may be necessary to create a keytab file specifically
for use with this module since the default system keytab file is
usually readable only by root.

Shumon Huque
E-mail: <shuque -at- isc.upenn.edu>
University of Pennsylvania.

Copyright (c) 2004, 2005 Shumon Huque. All rights reserved.  This
program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.