[Perlgssapi-developer] Fwd: Re: bind() and SASL authentication via GSSAPI

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,
the Authen::SASL people
are doing some SASL-GSSAPI authentication
with the GSSAPI.pm module.

I've tested it on Net::LDAP and sent feedback to per...@pe....
Please let me know if you have a need for SASL, too!

Thank you,
Achim

----------  Forwarded Message  ----------

Subject: Re: bind() and SASL authentication via GSSAPI
Date: Wednesday 22 February 2006 21:24
From: Achim Grolms <ac...@gr...>
To: per...@pe...

On Wednesday 22 February 2006 09:22, Peter Marschall wrote:
> Hi,
>
> On Tuesday, 21. February 2006 19:55, Achim Grolms wrote:
> > Is there an easy way to export the actual version of Authen::SASL::Perl
> > you want me to test?
>
> svn export https://svn.mutatus.co.uk/repos/Authen-SASL/trunk/

I've done some testing now using Net::LDAP againt a Windows2003 AD server.

#! /usr/bin/perl -w

use strict;

use Net::LDAP;
use Authen::SASL;

my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );
my  $adhost = 'ldapserver.example.com';

my $ldap = Net::LDAP->new( $adhost,
                             onerror => 'die',
                             #debug => 2,
                          ) or die "Cannot connect to LDAP host
###$adhost###$@";

$ldap->bind ( sasl => $sasl  );
print "\n\n ##### reached bind OK Phase";
my $mesg = $ldap->search ( base => 'dc=fsc,dc=net',
                           #attrs => $p_attrs,
                           filter => "(&(sAMAccountName=USERNAME))");

worked for me.

I've done some persnonal adjusments to the GSSAPI.pm module

(See attached diff).

DO NOT FEED THAT INTO SVN,
it's juts a base for discussion.
But it worked :-)

Questions:

1. I there a canonical way in Authen::SASL to printout debugmessages?
(I've added sub __debug_message(), but I think there is a better way :-D)
I needed that to see the states og the module.

2. the GSSAPI system can fail and reports errormessages
(caused by DNS problems, wrong /etc/hosts, credentials expired)...
All this errormessaged has to be passed to the user so he gets a chance to
 fix that problems (typing kinit etc...)
When useing the

return $self->set_error("GSSAPI Error : ".$status);

I see no errormessage, so I make the module simple die
in case of GSSAPI error.
(That was the simplest for debugging).
But what is the ebst way for errorreporting in a CPAN version of the module?

Thank you,
Achim

-------------------------------------------------------