Authen::Krb5Password

NAME
     Authen::Krb5Password - Perl extension for Kerberos 5
     password verification

SYNOPSIS
       use Authen::Krb5Password;
       $success = kpass("username", "password", "service", "host", "FILE:/path/t
o/keytab");

DESCRIPTION
     This module provides a Perl function to perform password
     verification using Kerberos 5. It is intended for use by
     applications that cannot use the Kerberos protocol directly.
     If it must be run on a system that receives a username and
     password over the network, steps should be taken to ensure
     that these are passed to the server in a cryptographically
     secure manner.

     kpass() attempts to obtain credentials for the given
     username and password from the Kerberos AS, then obtain
     credentials for a local service from the Kerberos TGS to
     verify the authenticity of the AS response. Empty strings
     can be passed as the 3rd and/or 4th arguments to use the
     default service name ("host") and the fully canonicalized
     primary hostname of the system that the function is executed
     on. The fifth argument may be omitted to use the system's
     default keytab file.

     kpass() returns -1 if an error occurs, 0 if the username or
     password is incorrect, or 1 if password verification is
     successful. Errors and authentication failures are recorded
     via syslog(3). Because of deficiencies in Perl's syslog
     implementation in Sys::Syslog(3), there's no clean way to
     log output to any facility other than the default LOG_USER.
     One possible way around this problem is to use the
     Unix::Syslog module available on CPAN, which correctly uses
     your platform's native syslog library routines to perform
     the functions.

Prerequisites:

	- perl 5
	- MIT Kerberos V5 Release 1.2.x or better (this module
	  also appears to work with Heimdal Kerberos, although
	  I have not extensively tested it)
	- Creation of an application service principal on the Kerberos
	  server in order to verify the KDC's response. And access to
	  a local keytab file containing the key for that principal.

To build and install:

1. Edit "Makefile.PL" to reflect the proper locations of the MIT 
   Kerberos 5 libraries and include directories for your system.
2. perl Makefile.PL
3. make
4. make test
5. (as root) make install
6. make distclean

Note that it may be necessary to create a keytab file specifically 
for use with this module since the default system keytab file is 
usually readable only by root.

Shumon Huque
E-mail: <shuque -at- isc.upenn.edu>
University of Pennsylvania.

Copyright (c) 2004, 2005 Shumon Huque. All rights reserved.  This 
program is free software; you can redistribute it and/or modify it 
under the same terms as Perl itself.