I have added server_new(), server_start() and server_step()
to my working copy of Simon's Authen::SASL::Perl::GSSAPI
to plug GSSAPI authentication into my "POP3-server" pop3d.pl.
Authentication works fine, but I am unsure how to build the interface
and what's correct to support security layers.
As a basis for discussion I have added my working copy.
#------------------------------------
1. I have added server_new() directly to the Authen::SASL::Perl::GSSAPI module,
because Authen::SASL::Perl does not support server_new().
That means I am creating the $sasl object (works for me)
this way to avoid the problem:
    my $sasl = Authen::SASL::Perl::GSSAPI->new(
        mechanism => 'GSSAPI'
    );
Is there a better way to use the server_new() method?
#------------------------------------
2. After decrypting the client-side token the module knows the
client-side "username" (the user principal), something like
'[EMAIL PROTECTED]'.
I am storing that into
    $self->property( 'user' => $tname );
Is that correct?
#------------------------------------
3. SASL-GSSAPI allows the use of an "authorization identity" different from
the authentication identity.
Where to store this?
#------------------------------------
4. The module does not support Security layers.
But when trying to implement:
Exactly what is decrypted/encrypted?
The complete socket traffic?
Parts of the SASL using protocol?
#------------------------------------
5. Is gss_wrap_size_limit()
the "maximum size" from RFC2222 7.2.2?
#------------------------------------
Thank you,
Achim
GSSAPI.pm
Description: application/perl-module
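
The plaintext of the security-layer negotiation in RFC 2222 section 7.2, which questions 3 to 5 refer to, shown as an added example that is not part of the original message or of Authen::SASL. The function names are hypothetical, the sample values are constructed, and the GSS_Wrap/GSS_Unwrap calls around these buffers are left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Security layer bits from RFC 2222 section 7.2.3.
use constant { LAYER_NONE => 1, LAYER_INTEGRITY => 2, LAYER_PRIVACY => 4 };

# Server side: plaintext of the 4-octet offer that is then passed to GSS_Wrap.
# $layers is a bitmask of offered layers, $max_size the largest wrapped
# buffer the server is able to receive (3 octets, network byte order).
sub build_server_offer {
    my ($layers, $max_size) = @_;
    die "max size does not fit in 3 octets\n" if $max_size > 0xFFFFFF;
    return pack('C', $layers) . substr(pack('N', $max_size), 1);
}

# Server side: parse the client's reply after GSS_Unwrap.
# Returns (selected layer, client max size, authorization identity).
sub parse_client_reply {
    my ($plain, $offered) = @_;
    die "reply shorter than 4 octets\n" if length($plain) < 4;
    my $layer = unpack('C', $plain);
    my $max   = unpack('N', "\0" . substr($plain, 1, 3));
    my $authz = substr($plain, 4);    # may be empty
    # Exactly one layer bit must be set, and it must be one we offered.
    die "client must select exactly one layer\n"
        unless grep { $layer == $_ } LAYER_NONE, LAYER_INTEGRITY, LAYER_PRIVACY;
    die "client selected a layer that was not offered\n"
        unless $layer & $offered;
    return ($layer, $max, $authz);
}

# Constructed sample: the server offers "none" and "integrity".
my $offered = LAYER_NONE | LAYER_INTEGRITY;
my $offer   = build_server_offer($offered, 65536);
printf "offer plaintext: %s\n", unpack('H*', $offer);

# Constructed client reply: no security layer, authorization identity "alice".
my $reply = pack('C', LAYER_NONE) . "\0\0\0" . 'alice';
my ($layer, $max, $authz) = parse_client_reply($reply, $offered);
print "layer=$layer max=$max authzid=$authz\n";

# A reply selecting privacy, which was not offered, is rejected.
my $bad = pack('C', LAYER_PRIVACY) . "\x00\x10\x00";
eval { parse_client_reply($bad, $offered); 1 } or print "rejected: $@";
```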
