Authen::Krb5::Simple version 0.20 =============================================================================== The Authen::Krb5::Simple module provides a means to authenticate a user/password using Kerberose 5. Simply use this module and call its authenticate function with a username (or user@KRB_REALM) and a password. Detailed usage information can be found in the module's perldoc. INSTALLATION To install this module edit the CONFIG file to set test username and password. This is optional. If no username and password is given, then the user auth tests will be skipped. Once that is done, then type the following: perl Makefile.PL (answer the prompts) make make test make install DEPENDENCIES This module requires the Kerberos 5 header and library files. ------------------------------------------------------------------------------- NAME Authen::Krb5::Simple - Basic user authentication using Kerberos 5 SYNOPSIS use Authen::Krb5::Simple; my $krb = Authen::Krb5::Simple->new([realm => 'MY.KRB.REALM']); # Authenticate a user. # my $authen = $krb->authenticate($user, $password); unless($authen) { my $errmsg = $krb->errstr(); die "User: $user authentication failed: $errmsg\n"; } # Get the current default realm. # my $realm = $krb->realm(); # Set the current realm # $krb->realm('MY.NEW.REALM'); DESCRIPTION The "Authen::Krb5::Simple" module provides a means to authenticate a user/password using Kerberos 5 protocol. The module's authenticate function takes a username (or user@kerberos_realm) and a password, and authenticates that user using the local Kerberos 5 installation. It was initially created to allow perl scripts to perform authentication against a Microsoft Active Directory (AD) server. It is important to note: This module only performs simple authentication. It does not get, grant, use, or retain any kerberos tickets. It will check use credentials against the Kerberos server (as configured on the local system) each time the *authenticate* method is called. CONSTRUCTOR new The *new* method creates the *Authen::Krb5::Simple* object. It can take an optional argument hash. At present the only recognized argument is "realm". If no realm is specified, the default realm for the local host will be assumed. Once set, the specified realm will be used for all subsequent authentication calls. The realm can be changed using the *realm* function (see below). Examples: Using the default realm: my $krb = Authen::Krb5::Simple->new(); specifying a realm: my $krb = Authen::Krb5::Simple->new(realm => 'another.realm.net'); METHODS authenticate(%user[@realm], $password) the *authenticate* method takes the user (or user@realm) and a password, and uses kerberos 5 (the local systems installation) to authenticate the user. if the user/password is good, *authenticate* will return true (1). Otherwise, a false value is returned and the error code is stored in the object. if($krb->authenticate($user, $pw)) { print "$user authentication successful\n"; } else { print "$user authentication failed\n"; } realm([NEW.REALM]) The *realm* method is used to set or get the current default realm. If an argument is passed to this method, the default realm is set to its value. If no argument is supplied, the current realm is returned. errstr The *errstr* method will return the error message from the most recent *authentication* call. errcode The *errstr* method will return the krb5 error code from the most recent *authentication* call. This value will not be very useful. Use the *errstr* method to get a meaningful error message. BUGS This version of *Authen::Krb5::Simple* does not support empty passwords. If you pass '' as a password *authenticate* will print a warning and return false. However there will be no error code or string when "errstr" is called. AUTHOR Damien S. Stuart, SEE ALSO perl, Kerberos5 documentation. ------------------------------------------------------------------------------- COPYRIGHT AND LICENCE Copyright (c) 2003 Damien S. Stuart. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.