DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

Tidy(3)





NAME

       Authen::SASL::Perl -- Perl implementation of the SASL Authentication
       framework


SYNOPSIS

        use Authen::SASL qw(Perl);

        $sasl = Authen::SASL->new(
          mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
          callback => {
            user => $user,
            pass => \&fetch_password
          }
        );


DESCRIPTION

       Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms
       in the Authen::SASL framework.

       At the time of this writing it provides the client part implementation
       for the following SASL mechanisms:

       ANONYMOUS
           The Anonymous SASL Mechanism as defined in RFC 2245 resp.  in IETF
           Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a
           method to anonymously access internet services.

           Since it does no authentication it does not need to send any confi-
           dential information such as passwords in plain text over the net-
           work.

       CRAM-MD5
           The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp.  in IETF
           Draft draft-ietf-sasl-crammd5-02.txt from January 2004 offers a
           simple challenge-response authentication mechanism.

           Since it is a challenge-response authentication mechanism no pass-
           words are transferred in clear-text over the wire.

           Due to the simplicity of the protocol CRAM-MD5 is susceptible to
           replay and dictionary attacks, so DIGEST-MD5 should be used in pre-
           ferrence.

       DIGEST-MD5
           The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp.  in IETF
           Draft draft-ietf-sasl-rfc2831bis-03.txt from February 2004 offers
           the HTTP Digest Access Authentication as SASL mechanism.

           Like CRAM-MD5 it is a challenge-response authentication method that
           does not send plain text passwords over the network.

           Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks,
           and permits the use of third party authentication servers, so that
           it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when possi-
           ble.

       EXTERNAL
           The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use
           of external authentication systems as SASL mechanisms.

       LOGIN
           The LOGIN SASL Mechanism as defined in IETF Draft draft-murchi-
           son-sasl-login-00.txt from August 2003 allows  the combination of
           username and clear-text password to be used in a SASL mechanism.

           It does does not provide a security layer and sends the credentials
           in clear over the wire.  Thus this mechanism should not be used
           without adequate security protection.

       PLAIN
           The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
           draft-ietf-sasl-plain-04.txt from February 2004 is another SASL
           mechanism that allows username and clear-text password combinations
           in SASL environments.

           Like LOGIN it sends the credentials in clear over the network and
           should not be used without sufficient security protection.


SEE ALSO

       Authen::SASL, Authen::SASL::Cyrus::ANONYMOUS,
       Authen::SASL::Cyrus::CRAM_MD5, Authen::SASL::Cyrus::DIGEST_MD5,
       Authen::SASL::Cyrus::EXTERNAL, Authen::SASL::Cyrus::LOGIN,
       Authen::SASL::Cyrus::PLAIN


AUTHOR

       Peter Marschall <peter@adpm.de>

       Please report any bugs, or post any suggestions, to the perl-ldap mail-
       ing list <perl-ldap@perl.org>


COPYRIGHT

       Copyright (c) 2004 Peter Marschall.  All rights reserved. This document
       is distributed, and may be redistributed, under the same terms as Perl
       itself.

perl v5.8.8                       2006-03-25             Authen::SASL::Perl(3)
See also Authen::SASL::Perl::ANONYMOUS(3)
See also Authen::SASL::Perl::CRAM_MD5(3)
See also Authen::SASL::Perl::DIGEST_MD5(3)
See also Authen::SASL::Perl::EXTERNAL(3)
See also Authen::SASL::Perl::GSSAPI(3)
See also Authen::SASL::Perl::LOGIN(3)
See also Authen::SASL::Perl::PLAIN(3)
See also Perl::Tidy(3)

Man(1) output converted with man2html