perl-ldap-dev

GSSAPI/Kerberos binds with Net::LDAP

[Simon W. <sx...@sx...>]

I've got a small piece of XStub shim which I've implemented to allow GSSAPI 
SASL binds to be performed from Net::LDAP. Would you be interested in having 
this intergrated into the Net::LDAP distribution, and if not, who (Graham?) 
do I need to speak to about carving out a chunk of the Authen::SASL namespace 
for it.

I'd also like, as a slightly longer term project, to do some work on the 
Authen::SASL infrastructure, so that it can better support connection 
encryption rather than just authentication, and so that the 
challenge/response mechanism is better defined.

Cheers,

Simon.

-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"For every complex problem, there is a solution that is simple, neat, and
wrong." -- H. L. Mencken

Re: GSSAPI/Kerberos binds with Net::LDAP

[Graham B. <gb...@po...>]

The Net::LDAP distribution is completely perl, so I would not want to
add and XS to it. But I would consider making changes so that it could
be used but distribued separately.

As for Authen::SASL, I am in the process of giving this an overhaul,
but again I want it to remain mainly perl only. But I would be happy
to talk to you about it.

I was planning to move Authen::SASL out of the Net::LDAP dist and into
its own anyway.

Graham.

On Thu, Feb 15, 2001 at 05:24:43PM +0000, Simon Wilkinson wrote:
> I've got a small piece of XStub shim which I've implemented to allow GSSAPI 
> SASL binds to be performed from Net::LDAP. Would you be interested in having 
> this intergrated into the Net::LDAP distribution, and if not, who (Graham?) 
> do I need to speak to about carving out a chunk of the Authen::SASL namespace 
> for it.
> 
> I'd also like, as a slightly longer term project, to do some work on the 
> Authen::SASL infrastructure, so that it can better support connection 
> encryption rather than just authentication, and so that the 
> challenge/response mechanism is better defined.
> 
> Cheers,
> 
> Simon.
> 
> -- 
> Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
> "For every complex problem, there is a solution that is simple, neat, and
> wrong." -- H. L. Mencken
> 
> 
> 

Re: GSSAPI/Kerberos binds with Net::LDAP

[Simon W. <sx...@sx...>]

On Thu, 15 Feb 2001, you wrote:

> The Net::LDAP distribution is completely perl, so I would not want to
> add and XS to it. But I would consider making changes so that it could
> be used but distribued separately.

Okay, understood. I thought you probably wouldn't want to change that. What
I've got at the moment is a package that adds Authen::SASL::Cyrus and 
Authen::SASL::GSSAPI. The Cyrus package is designed to eventually be a 
general purpose interface to Cyrus SASL, the GSSAPI one specifically does 
GSSAPI. So, I hope these packages could live seperately. (I just need to get 
distributing things via PAUSE sorted out)

> As for Authen::SASL, I am in the process of giving this an overhaul,
> but again I want it to remain mainly perl only. But I would be happy
> to talk to you about it.

Sure. I don't think that it should change from being perl-only. However, the 
methods that it makes available to its sub classes mean that some things need 
to be passed in multiple times, and other methods have to be overloaded.
What I'd like to see is a suitably defined class that it can be used with 
entire perl authentication modules, or with ones based on C code (in 
particular, on Cyrus SASL). However, I was very impressed by just how easy it 
was to get this all working, once I'd got some perl bindings for Cyrus-SASL 
going.

I've uploaded my current package to http://www.sxw.org.uk/computing/software/
to allow others to have a look at  it. Bits of it are still very primitive, 
but it "works for me". I've tested it to get Kerberos v5 authenticated 
connections between Net::LDAP and OpenLDAP v2.

Cheers,

Simon.

-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"But apart from that, Mrs Lincoln, how did you enjoy the play?"

Re: GSSAPI/Kerberos binds with Net::LDAP

[Graham B. <gb...@po...>]

Interestingly Authen::SASL was originally designed to be a cut down
implementation of cyrus, but in perl. cyrus itself is just a framework,
which is what Authen::SASL is supposed to be. The sub-classes are where
the real work is done.

My current thought was to get the Authen::SASL framework much closer
to cyrus anyway.

Graham.

On Thu, Feb 15, 2001 at 07:00:59PM +0000, Simon Wilkinson wrote:
> On Thu, 15 Feb 2001, you wrote:
> 
> > The Net::LDAP distribution is completely perl, so I would not want to
> > add and XS to it. But I would consider making changes so that it could
> > be used but distribued separately.
> 
> Okay, understood. I thought you probably wouldn't want to change that. What
> I've got at the moment is a package that adds Authen::SASL::Cyrus and 
> Authen::SASL::GSSAPI. The Cyrus package is designed to eventually be a 
> general purpose interface to Cyrus SASL, the GSSAPI one specifically does 
> GSSAPI. So, I hope these packages could live seperately. (I just need to get 
> distributing things via PAUSE sorted out)
> 
> > As for Authen::SASL, I am in the process of giving this an overhaul,
> > but again I want it to remain mainly perl only. But I would be happy
> > to talk to you about it.
> 
> Sure. I don't think that it should change from being perl-only. However, the 
> methods that it makes available to its sub classes mean that some things need 
> to be passed in multiple times, and other methods have to be overloaded.
> What I'd like to see is a suitably defined class that it can be used with 
> entire perl authentication modules, or with ones based on C code (in 
> particular, on Cyrus SASL). However, I was very impressed by just how easy it 
> was to get this all working, once I'd got some perl bindings for Cyrus-SASL 
> going.
> 
> I've uploaded my current package to http://www.sxw.org.uk/computing/software/
> to allow others to have a look at  it. Bits of it are still very primitive, 
> but it "works for me". I've tested it to get Kerberos v5 authenticated 
> connections between Net::LDAP and OpenLDAP v2.
> 
> Cheers,
> 
> Simon.
> 
> -- 
> Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
> "But apart from that, Mrs Lincoln, how did you enjoy the play?"
>