LWP::Authen::Negotiate

LWP::Authen::Negotiate

am 03.12.2005 00:47:19 von achim

Hello,

as "proof of concept" project I have written
LWP::Authen::Negotiate,
an authentication plugin for Perl's LWP::UserAgent
that proviedes Kerberos Authentication via GSSAPI and SPNEGO
I have tested it against mod_auth_kerb and IIS webserver.
(works fine for me)

Feel free to test and use it.

Do you think it it useful?
What has do be changed to make it "ready for CPAN"?

The actual version is available at


Thank you,
Achim

Re: LWP::Authen::Negotiate

am 03.12.2005 11:43:31 von leifj

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> Hello,
>
> as "proof of concept" project I have written
> LWP::Authen::Negotiate,
> an authentication plugin for Perl's LWP::UserAgent
> that proviedes Kerberos Authentication via GSSAPI and SPNEGO
> I have tested it against mod_auth_kerb and IIS webserver.
> (works fine for me)
>
> Feel free to test and use it.
>
> Do you think it it useful?
> What has do be changed to make it "ready for CPAN"?
>
> The actual version is available at
>
>
> Thank you,
> Achim

I did one too. Didn't get a comment from this list from my
question either ;-) Look in the list archives for my tarball.

MVH leifj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.9 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDkXbT8Jx8FtbMZncRAm9oAJ9UYZNvQRUeEMih+2CqGkpnrZsFywCg oAA+
c0E7yHHxjNPC0m1Diq1i8nk=
=0wGs
-----END PGP SIGNATURE-----

Re: LWP::Authen::Negotiate

am 03.12.2005 11:48:36 von leifj

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Achim Grolms wrote:
> Hello,
>
> as "proof of concept" project I have written
> LWP::Authen::Negotiate,
> an authentication plugin for Perl's LWP::UserAgent
> that proviedes Kerberos Authentication via GSSAPI and SPNEGO
> I have tested it against mod_auth_kerb and IIS webserver.
> (works fine for me)
>
> Feel free to test and use it.
>
> Do you think it it useful?
> What has do be changed to make it "ready for CPAN"?
>
> The actual version is available at
>
>
> Thank you,
> Achim

Hmm why not use the GSSAPI-module already in CPAN Philip Guenther
has a much more complete XS-glue. He is gettin a new version out
that fixes various compat issues for heimdal.

MVH leifj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.9 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDkXgD8Jx8FtbMZncRAt9xAJ0cGcBuv7x1uU/BSj6NOWcU6xUREACe Nfx1
wFqN/nLgDpROBm0OKaHLO0E=
=VII1
-----END PGP SIGNATURE-----

Re: LWP::Authen::Negotiate

am 03.12.2005 15:14:11 von achim

On Saturday 03 December 2005 11:48, Leif Johansson wrote:

> Hmm why not use the GSSAPI-module already in CPAN Philip Guenther
> has a much more complete XS-glue.

1. When I tested the module (last week) it does not compile an build and
had no documentation how to use it.
so I just wrote my own bindings that worked for me.

2. It's the first time for me to write XS bindings, so i misused GSSAPI
as my object of writing XS-Code ;-)

3. I have thought of the Authen::SPNEGO Namespace because
I am going to write an Authen::SPNEGO::Win32SSPI Module to
make the Win32 native Kerberro API available on Windows platforms to
LWP::Authen::Negotiate.
Authen::SPNEGO will be the proxy Interface that uses Win32 or
GSSAPI bindings, so that it doesnt matters to LWP::Authen::GSSAPI
what Platform (Win32 or GSSAPI) provides the Authentication system.
As Authen::SPNEGO::GSSAPI::SecurityContext is an Interface to my own
bindings, I think I can rewrite Authen::SPNEGO::GSSAPI::SecurityContext
to use other XS bindinge than mine if a complete GSSAPI module is available
in CPAN.

Yes, you are right, if the Philip Guenther module it is better to use his
bindings in Authen::SPNEGO::GSSAPI::SecurityContext.
Are you in contact with Philip Guenther what the state of development is?

BTW: First I have searched for LWP::Authen::Negotiate in CPAN, why
is your module not in CPAN?

Achim

Re: LWP::Authen::Negotiate

am 22.12.2005 00:34:27 von hAj

Leif Johansson writes:

> Hi, I have a working implementation of Negotiate-authentication for
> LWP which I plan to release to CPAN asap. There are a few dependen-
> cies left which involve other CPAN authors which must be resolved
> first.
>
> Since I am new to PAUSE (but not to perl) I would like to know if
> there are any namespace issues which should be resolved on this
> list before I can release the code?
>
> Beware that the included version may not work for you depending on
> which kerberos version you have used to build GSSAPI (this will
> be resolve in time for release).

This was half a year ago, so please apologize my impatience....

What are the further plans with this module? It isn't on CPAN until now
(or at least, I've been unable to find it). Recent Win2003 domain
controllers don't work with Auth::NTLM::HTTP in its current state, so
GSSAPI/Kerberos might be an interesting alternative for cross-platform
(both Apache/IE and IIS/Firefox) authentication.
--
Cheers,
haj