Thread: kerberos asn1

kerberos asn1

From: Matt S. <se...@co...> - 2002-07-01 16:44:54

The patch to Net::LDAP::ASN should add the kerberos ASN1.

@@ -165,7 +165,8 @@
 
     AuthenticationChoice ::= CHOICE {
 	simple                  [0] OCTET STRING,
-		     -- 1 and 2 reserved
+	krbv42LDAP              [1] OCTET STRING,
+	krbv42DSA               [2] OCTET STRING,
 	sasl                    [3] SaslCredentials }
 
     SaslCredentials ::= SEQUENCE {

What else would need to be added to the package to allow you to do 
kerberized auth?  Btw, I got the ASN1 values from RFC 1777[1].

[1] ftp://ftp.isi.edu/in-notes/rfc1777.txt

Re: kerberos asn1

From: Graham B. <gb...@po...> - 2002-07-01 17:10:09

On Mon, Jul 01, 2002 at 12:44:51PM -0400, Matt Selsky wrote:
> The patch to Net::LDAP::ASN should add the kerberos ASN1.
> 
> @@ -165,7 +165,8 @@
>  
>      AuthenticationChoice ::= CHOICE {
>  	simple                  [0] OCTET STRING,
> -		     -- 1 and 2 reserved
> +	krbv42LDAP              [1] OCTET STRING,
> +	krbv42DSA               [2] OCTET STRING,
>  	sasl                    [3] SaslCredentials }
>  
>      SaslCredentials ::= SEQUENCE {
> 
> What else would need to be added to the package to allow you to do 
> kerberized auth?  Btw, I got the ASN1 values from RFC 1777[1].

You mean use the OLD krb4 authentication. To do that all that needs
to be done is to add those fields as

  krbv41 [1] OCTET STRING,
  krbv42 [2] OCTET STRING,

You can then use krb41password and krb42password arguments to the bind
method.

Graham.

Re: kerberos asn1

From: Matt S. <se...@co...> - 2002-07-01 17:20:19

> You mean use the OLD krb4 authentication. To do that all that needs
> to be done is to add those fields as
> 
>   krbv41 [1] OCTET STRING,
>   krbv42 [2] OCTET STRING,
> 
> You can then use krb41password and krb42password arguments to the bind
> method.

I changed ASN.pm as you suggested and then used this code to bind:

$ldap->bind( 'user=selsky, o=Columbia University, c=US',
                      krbv42 => 1 );

And I get the error message:

No AUTH supplied

According to the rfc, you need to pass the return of krb_mk_req().  How 
do I get that?  Do I need to write XS code to call that function and 
then pass that value back?

Re: kerberos asn1

From: Graham B. <gb...@po...> - 2002-07-01 17:22:17

On Mon, Jul 01, 2002 at 01:20:11PM -0400, Matt Selsky wrote:
> > You mean use the OLD krb4 authentication. To do that all that needs
> > to be done is to add those fields as
> > 
> >   krbv41 [1] OCTET STRING,
> >   krbv42 [2] OCTET STRING,
> > 
> > You can then use krb41password and krb42password arguments to the bind
> > method.
> 
> I changed ASN.pm as you suggested and then used this code to bind:
> 
> $ldap->bind( 'user=selsky, o=Columbia University, c=US',
>                       krbv42 => 1 );

You did not read me mail. Try krb42password, but I doubt that the value of 1
is correct.

> And I get the error message:
> 
> No AUTH supplied
> 
> According to the rfc, you need to pass the return of krb_mk_req().  How 
> do I get that?  Do I need to write XS code to call that function and 
> then pass that value back?

I have no idea how you would get that. Maybe there is a krb4 module on CPAN
that could help.

Graham.

Thread: kerberos asn1

perl-ldap-dev