On Thu, May 18, 2006 11:14 am, Quanah Gibson-Mount wrote:

>
> I was able to use Authen::SASL to do GSSAPI authentication via finger &
> whois, using the Authen-SASL-GSSAPI-server package.

What you show below is basically what most modules, e.g. Net::POP3 and
Net::LDAP, do behind the scenes.

I think the question that Dennis needs answered is what to use as callback
values when authenticating using Kerberos, SASL and GSSAPI.

Graham.

>
> The following are my code snippets that may help you in the right
> direction:
>
> ############################################################################
> # SASL related subroutines
> ############################################################################
>
> sub sendreply
> {
>         $SIG{PIPE} = 'IGNORE'; # Client is closing too fast
>         my ($s,$so) = @_;
>         $s = " " unless $s;
>         #print "Sendreply: ",substr($s,0,10),"\n";
>         syswrite ($so,$s);
> }
>
> sub getreply
> {
>         my ($so) = @_;
>         my $s;
>         #print "Getreply is waiting.\n";
>         sysread($so,$s,4096);
>         #print "Getreply: ",substr($s,0,10),"\n";
>         return $s;
> }
>
>
> sub query_server {
>     my ($server, $query, $port) = @_;
>
>     # I tried using IO::Socket here, but the load time was noticeable.
>     # Using Getopt::Long is bad enough.  On top of that, IO::Socket doesn't
>     # return meaningful error codes that I can see, so one can't distinguish
>     # between, say, "connection refused" and "host unreachable."
>     my $address = inet_aton ($server)
>         or die "Can't resolve server name $server\n";
>     my $proto = getprotobyname 'tcp';
>     $port ||= 43;
>     if ($port =~ /\D/) {
>         my $service = $port;
>         $port = getservbyname ($service, 'tcp')
>             or die "Unknown service $service\n";
>     }
>
>     socket (S, PF_INET, SOCK_STREAM, $proto)
>         or die "Can't create local socket: $!\n";
>     connect (S, sockaddr_in ($port, $address))
>         or die "Can't connect to $server: $!\n";
>     my $oldfh = select S; $| = 1; select $oldfh;
>
>     my $remote_ip = inet_ntoa($address);
>     my ($local_port, $local_ip) = sockaddr_in(getsockname(S));
>     $local_ip = inet_ntoa($local_ip);
>     #print "$local_ip;$local_port $remote_ip;$port\n";
>
>     my $saslClient = Authen::SASL->new (
>                 mechanism => "GSSAPI",
>                 callback => {
>                 }
>     );
>     my $conn = $saslClient->client_new("host", "$remote_ip",
>         "$local_ip;$local_port", "$remote_ip;$port");
>
>     sendreply($conn->client_start(),\*S,0);
>     while ($conn->need_step) {
>        sendreply($conn->client_step(&getreply(\*S) ), \*S );
>     }
> }
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
>

