--On Thursday, May 18, 2006 7:27 AM -0400 Dennis Putnam
<[EMAIL PROTECTED]> wrote:
I was told some of you folks are working with Kerberos auth using
GSSAPI. I am trying to do the same thing with POP rather than LDAP and I
am hoping someone here might be able to help me. It is not obvious to me
what I really need to pass in the 'auth' method so I suspect that is the
crux of my problem. When I try to authenticate to the POP server it
fails and all that shows up in the POP log is 'badlogin'. Here is my
relevant code:
use strict;
use Net::POP3;
use Authen::SASL;
I was able to use Authen::SASL to do GSSAPI authentication via finger &
whois, using the Authen-SASL-GSSAPI-server package.
The following are my code snippets that may help point you in the right direction:
############################################################################
# SASL related subroutines
############################################################################
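sub sendreply
{
    # Write one SASL token to the socket handle.
    #
    # Arguments: ($s, $so) - the token to send and the handle to write to.
    # Any further arguments are ignored.
    # Returns the number of bytes written, or undef if a write fails.
    #
    # SIGPIPE is ignored process-wide (and stays ignored after this sub
    # returns), so a peer that has already closed shows up only as a
    # failed write; callers that care must check the return value.
    $SIG{PIPE} = 'IGNORE'; # Client is closing too fast
    my ($s,$so) = @_;

    # Send a single space as a placeholder when there is no token.  Test
    # for undef/empty explicitly: a plain truth test would also replace
    # a token consisting of the single character "0".
    $s = " " unless defined $s && length $s;

    # syswrite may write fewer bytes than requested, so keep going until
    # the whole token is out; a truncated token cannot be verified by
    # the peer.
    my $total = length $s;
    my $sent  = 0;
    while ($sent < $total) {
        my $n = syswrite($so, $s, $total - $sent, $sent);
        return unless $n;   # write error (or no progress): give up
        $sent += $n;
    }
    return $sent;
}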
sub getreply
{
    # Read one chunk of at most 4096 bytes from the given handle and
    # return it.
    #
    # The result of sysread is not checked, so the caller gets an empty
    # string at end-of-file and undef if the read fails.  A single read
    # may also return only part of what the peer sent; nothing here
    # frames or reassembles a token.
    my $sock = shift;
    my $chunk;
    sysread($sock, $chunk, 4096);
    return $chunk;
}
# Resolve $server, open a TCP connection to $port (default 43, the whois
# port; a non-numeric value is looked up as a service name), then run a
# GSSAPI SASL client exchange over that socket.  Dies on any resolve or
# connect failure.
#
# The snippet as posted stops after the SASL loop; the rest of the sub
# (sending $query, reading the answer, the closing brace) is not shown.
# inet_aton, sockaddr_in, PF_INET etc. presumably come from `use Socket;`,
# which is not part of the posted code - confirm.
sub query_server {
my ($server, $query, $port) = @_;
# I tried using IO::Socket here, but the load time was noticeable.
# Using Getopt::Long is bad enough. On top of that, IO::Socket doesn't
# return meaningful error codes that I can see, so one can't distinguish
# between, say, "connection refused" and "host unreachable."
my $address = inet_aton ($server)
or die "Can't resolve server name $server\n";
my $proto = getprotobyname 'tcp';
$port ||= 43;
# Anything containing a non-digit is treated as a service name.
if ($port =~ /\D/) {
my $service = $port;
$port = getservbyname ($service, 'tcp')
or die "Unknown service $service\n";
}
# S is a bareword (package-global) handle, so only one connection can be
# open through this sub at a time.
socket (S, PF_INET, SOCK_STREAM, $proto)
or die "Can't create local socket: $!\n";
connect (S, sockaddr_in ($port, $address))
or die "Can't connect to $server: $!\n";
# Turn on autoflush for S, then restore the previously selected handle.
my $oldfh = select S; $| = 1; select $oldfh;
# Both endpoints are rendered as "ip;port" strings for client_new below.
my $remote_ip = inet_ntoa($address);
my ($local_port, $local_ip) = sockaddr_in(getsockname(S));
$local_ip = inet_ntoa($local_ip);
#print "$local_ip;$local_port $remote_ip;$port\n";
# GSSAPI is the only mechanism offered and the callback table is empty.
my $saslClient = Authen::SASL->new (
mechanism => "GSSAPI",
callback => {
}
);
# Arguments: service name "host", server name, local "ip;port", remote
# "ip;port".  This four-argument form presumably targets the Cyrus-backed
# Authen::SASL implementation - confirm.
# NOTE(review): the server name passed here is the resolved IP address,
# not $server.  Kerberos service principals are normally keyed on the
# server's FQDN, so this presumably relies on the GSSAPI layer mapping the
# address back to a name (reverse DNS) - confirm; passing the FQDN the
# caller asked for ties the ticket to the intended server.
# NOTE(review): for the POP case asked about, the service name would
# presumably be "pop" rather than "host" - verify against the server's
# keytab.
my $conn = $saslClient->client_new("host", "$remote_ip",
"$local_ip;$local_port", "$remote_ip;$port");
# Send the initial client token; sendreply only unpacks its first two
# arguments, so the trailing 0 is unused.
sendreply($conn->client_start(),\*S,0);
# Feed each server reply to client_step and send the result back until
# the mechanism reports no further step is needed.
# NOTE(review): nothing in this loop checks for end-of-file or a failed
# read from getreply, nor for an error from client_start/client_step, so
# a failed exchange is not reported here and the loop ends only when
# need_step turns false.
while ($conn->need_step) {
sendreply($conn->client_step(&getreply(\*S) ), \*S );
}
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html