NAME

Krb4 - Perl extension for Kerberos 4

SYNOPSIS

use Krb4;

DESCRIPTION

Krb4 is an object-oriented extension to Perl 5 which implements several user-level Kerberos 4 functions. With this module, you can create Kerberized clients and servers written in Perl. It is compatible with both AFS and MIT Kerberos.

VARIABLES & FUNCTIONS

NOTE: No methods or variables are exported, so each variable and function should be preceded by 'Krb4::'.

error

Contains the error code of the most recent Kerberos function call.

get_phost(alias)

Returns the instance name of the host 'alias'.

get_lrealm(n)

Returns the nth realm of the host machine. n is zero by default.

realmofhost(host)

Returns the realm of the machine 'host'.

mk_req(service,instance,realm,checksum)

Returns a Krb4::Ticket object for the specified service, instance, and realm. It will return undef if there was an error.

rd_req(ticket,service,instance,fn)

Returns a Krb4::AuthDat object, which contains information obtained from the ticket, or undef upon failure. Ticket is a variable of the class Krb4::Ticket, which can be obtained from mk_req(). fn is a path to the appropriate srvtab. /etc/srvtab will be used if fn is null.

get_cred(service,instance,realm)

Searches the caller's ticket file for a ticket for the service and instance in the given realm. Returns a Krb4::Creds object, or undef upon failure.

get_key_sched(session)

Returns the key schedule for the session key 'session', which can be obtained from rd_req() or get_cred(). The key schedule is a Krb4::KeySchedule object.

mk_priv(in,schedule,key,sender,receiver)

Encrypts the data stored in 'in' and returns the encrypted data. sender and receiver should be in standard internet format, which can be achieved using the inet_aton and sockaddr_in functions in the Socket module.

rd_priv(in,schedule,key,sender,receiver)

Decrypts the variable 'in' and returns the original data. Other parameters are as described in mk_priv().

get_err_txt(n)

Returns a string containing a textual description of the Kerberos error number n.

CLASSES & METHODS

There are four classes in the Krb4 module, Ticket, AuthDat, Creds, and KeySchedule. They are all simply abstractions of Kerberos 4 structures. You almost never need to worry about creating new objects--the functions which return these objects create them for you (is this the best thing to do?). The one exception is when you need to construct a Ticket object for rd_req(). See below for details.

Ticket

Contains a ticket for a specified service, instance, and realm.

* new(dat)

Returns a new Ticket object containing the data in 'dat'. You must create a new Ticket object on the server side for passing to rd_req().

* dat

The data contained in the ticket. Looks like junk to the naked eye.

* length

The length of the data contained in 'dat'.

AuthDat

Contains the contents of the AUTH_DAT structure returned by rd_req(). See below for the goodies.

* pname

Returns the principal's name.

* pinst

Returns the principal's instance.

* prealm

Returns the principal's realm.

* session

The session key. Pass this to get_key_sched() to obtain a key schedule for encryption.

* k_flags

Flags from the ticket.

* checksum

The checksum from the ticket. See mk_req().

* life

Life of the ticket.

* time_sec

The time the ticket was issued. localtime() can convert this to a nicer format.

* address

The address in the ticket. Useful for mutual authentication.

* reply

Auth reply (not very descriptive, I know...)

Creds

Contains information retrieved from your ticket file.

* service

The service name.

* instance

The instance (duh!)

* realm

The realm (duh!)

* session

Returns the session key. Pass this to get_key_sched() to obtain a key schedule for encryption.

* lifetime

The lifetime of the ticket.

* kvno

The key version number.

* ticket_st

The ticket itself.

* issue_date

The date the ticket was issued.

* pname

The name of the principal.

* pinst

The instance of the principal.

KeySchedule

You don't need to fool around with this.
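
The functions and classes above fit together as follows. This is an added example, not code from the module's author; it needs a working Kerberos 4 realm and a srvtab to run. The service name, host name, addresses and ports are hypothetical, and reading the error code as $Krb4::error and getting undef back from a failed rd_priv() are assumptions.

```perl
use strict;
use warnings;
use Socket qw(inet_aton sockaddr_in);
use Krb4;

# Hypothetical service and endpoints (assumptions, not taken from the Krb4 docs).
my $SERVICE     = 'sample';
my $SERVER_HOST = 'appserver.example.com';
my $CLIENT_ADDR = sockaddr_in(40000, inet_aton('192.0.2.10'));
my $SERVER_ADDR = sockaddr_in(4000,  inet_aton('192.0.2.20'));

sub krb_fail {
    my ($what) = @_;
    # Assumption: 'error' is read as the package variable $Krb4::error.
    die "$what: " . Krb4::get_err_txt($Krb4::error) . "\n";
}

# Client: get a ticket for the service, then encrypt a message under the
# session key that came with it.
sub client_build {
    my ($message) = @_;
    my $instance = Krb4::get_phost($SERVER_HOST);
    my $realm    = Krb4::realmofhost($SERVER_HOST);
    my $ticket = Krb4::mk_req($SERVICE, $instance, $realm, 0)
        or krb_fail('mk_req');
    my $creds  = Krb4::get_cred($SERVICE, $instance, $realm)
        or krb_fail('get_cred');
    my $sched  = Krb4::get_key_sched($creds->session);
    my $sealed = Krb4::mk_priv($message, $sched, $creds->session,
                               $CLIENT_ADDR, $SERVER_ADDR);
    return ($ticket->dat, $sealed);    # both values are sent to the server
}

# Server: rebuild a Ticket from the received bytes and verify it with
# rd_req() before trusting anything else the peer sent.
sub server_accept {
    my ($ticket_bytes, $sealed) = @_;
    my $ticket = Krb4::Ticket->new($ticket_bytes);
    my $ad = Krb4::rd_req($ticket, $SERVICE,
                          Krb4::get_phost($SERVER_HOST), '/etc/srvtab')
        or krb_fail('rd_req');
    my $sched = Krb4::get_key_sched($ad->session);
    my $plain = Krb4::rd_priv($sealed, $sched, $ad->session,
                              $CLIENT_ADDR, $SERVER_ADDR);
    # Assumption: rd_priv() returns undef on failure, like the calls above.
    krb_fail('rd_priv') unless defined $plain;
    # The authenticated identity comes from the ticket, never from the payload.
    return ($ad->pname . '.' . $ad->pinst . '@' . $ad->prealm, $plain);
}
```

Authorization decisions on the server should use the principal string returned by server_accept(), since it is derived from the verified AuthDat object.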

AUTHOR

Jeff Horwitz, jhorwitz@umich.edu

SEE ALSO

perl(1).
