Help-Site Computer Manuals
Software
Hardware
Programming
Networking
  Algorithms & Data Structures   Programming Languages   Revision Control
  Protocols
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac

LWP::Authen::Negotiate
GSSAPI based Authentication Plugin for LWP

LWP::Authen::Negotiate - GSSAPI based Authentication Plugin for LWP


NAME

LWP::Authen::Negotiate - GSSAPI based Authentication Plugin for LWP


SYNOPSIS


   #! /usr/bin/perl -w

   use strict;

   require LWP::UserAgent;

   # uncomment if you want see what is going wrong messages

   #

   #use LWP::Debug qw(+);

   my $ua = LWP::UserAgent->new;

   my $response = $ua->get('http://testwurst.grolmsnet.lan:8090/geheim/');

   if ($response->is_success) {

      print $response->content;  # or whatever

   }

   else {

       die $response->status_line;

   }

just install LWP::Authen::Negotiate, LWP uses it as authentication plugin. Use your LWP::UserAgent Scripts as usual. Authentication is done transparent based on your GSSAPI installation (MIT Kerberos or Heimdal)

WWW-Negotiate Webservers are IIS or Apache with mod_auth_kerb for example.


DESCRIPTION

To see what ist going on add


   use LWP::Debug qw(+);

to yor LWP using Scripts.

(e.g. too see what is going wrong with GSSAPI...)


DEBUGGING

To see what ist going on (and going wrong) add


   use LWP::Debug qw(+);

to yor LWP using Scripts.

(e.g. too see what is going wrong with GSSAPI...)

the output will look like this:


   LWP::UserAgent::new: ()

   LWP::UserAgent::request: ()

   LWP::UserAgent::send_request: GET http://testwurst.grolmsnet.lan:8090/geheim/

   LWP::UserAgent::_need_proxy: Not proxied

   LWP::Protocol::http::request: ()

   LWP::Protocol::collect: read 478 bytes

   LWP::UserAgent::request: Simple response: Unauthorized

   LWP::Authen::Negotiate::authenticate: authenticate() called

   LWP::Authen::Negotiate::authenticate: target hostname testwurst.grolmsnet.lan

   LWP::Authen::Negotiate::authenticate: GSSAPI servicename     HTTP/moerbsen.grolmsnet.lan@GROLMSNET.LAN

   LWP::Authen::Negotiate::authenticate:  Miscellaneous failure (see text)

   LWP::Authen::Negotiate::authenticate: open(/tmp/krb5cc_1000): file not found

In this case the credentials cache was empty. Run kinit first ;-)


ENVIRONMENT

LWP_AUTHEN_NEGOTIATE_DELEGATE
Define to enable ticket forwarding to webserver.


SEE ALSO

http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt
Description of WWW-Negotiate protol

http://modauthkerb.sourceforge.net/
the Kerberos and SPNEGO Authentication module for Apache mod_auth_kerb

http://perlgssapi.sourceforge.net/
Module Homepage

http://www.kerberosprotocols.org/index.php/Web
Sofware and APIs related to WWW-Negotiate

http://www.grolmsnet.de/kerbtut/
describes how to let mod_auth_kerb play together with Internet Explorer and Windows2003 Server


BUGS

As default Kerberos 5 is selected as GSSAPI mechanism. a later veriosn will make that configureable.


AUTHOR

Achim Grolms, <achim@grolmsnet.de>

http://perlgssapi.sourceforge.net/

Thanks to

Leif Johansson
who has conributed a lot of code from his implementation of the module and send a lot of input, ideas and feedback

Harald Joerg
helped with Kerberos knowledge and does testing on cygwin against IIS and mod_auth_kerb

Christopher Odenbach
does a lot of testing on Linux and Solaris

Dax Kelson
does a lot of testing on Linux

Karsten Kuenne
helped with advice


COPYRIGHT AND LICENSE

Copyright (C) 2006 by Achim Grolms <perl@grolmsnet.de>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.

Programminig
Wy
Wy
yW
Wy
Programming
Wy
Wy
Wy
Wy