SYNOPSIS
use AFS::KTC_TOKEN;
use AFS::KTC_PRINCIPAL;
use AFS::KTC_EKEY;
use AFS::Cell qw(localcell);
my $token = AFS::KTC_TOKEN->nulltoken;
print "StartTime = ", $token->startTime, "\n";
print "EndTime = ", $token->endTime, "\n";
print "SessionKey = ", $token->sessionKey, "\n";
print "Kvno = ", $token->kvno, "\n";
print "TicketLen = ", $token->ticketLen, "\n";
print "Ticket = ", $token->ticket, "\n";
print "String = ", $token->string, "\n";
my $index = 0;
my $service = AFS::KTC_PRINCIPAL->ListTokens($index);
print "service = ", $service->principal, "\n";
($token, my $user) = AFS::KTC_TOKEN->GetToken($service);
print " client = ", $user->principal, "\n";
print " StartTime = ", $token->startTime, "\n";
print " EndTime = ", $token->endTime, "\n";
print " SessionKey = ", $token->sessionKey, "\n";
print " Kvno = ", $token->kvno, "\n";
print " TicketLen = ", $token->ticketLen, "\n";
print " Ticket = ", $token->ticket, "\n";
print " String = ", $token->string, "\n";
$service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
($token, $user) = AFS::KTC_TOKEN->GetToken($service);
AFS::KTC_TOKEN->ForgetAllTokens();
AFS::KTC_TOKEN->SetToken($service, $token, $user, 0);
my $string = $token->string;
$token = AFS::KTC_TOKEN->FromString($string);
print " StartTime = ", $token->startTime, "\n";
print " EndTime = ", $token->endTime, "\n";
$user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
my $key = AFS::KTC_EKEY->ReadPassword('nog Password:');
my $ok = AFS::KTC_TOKEN->GetAuthToken($user, $key, 600);
$service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
$token = AFS::KTC_TOKEN->GetServerToken($service, 600, 1);
$user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
$key = AFS::KTC_EKEY->ReadPassword('nog Password:');
$token = AFS::KTC_TOKEN->GetAdminToken($user, $key, 300);
$user = AFS::KTC_PRINCIPAL->new('nog');
my $password = AFS::KTC_EKEY->UserReadPassword("Password:");
my $pwexp = 0;
my $reason = '';
$ok = AFS::KTC_TOKEN->UserAuthenticateGeneral($user, $password, 300,
    &AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG, $pwexp, $reason);
AFS::KTC_TOKEN->ForgetAllTokens();
DESCRIPTION
This class provides methods to handle the AFS structure ktc_token. This structure contains information about tokens and is used in the Kernel Token Cache (KTC), which is part of the Cache Manager. It is used to create, modify, and retrieve ktc_token instances for different services. It has methods to retrieve and to reset the ktc_token attributes. To use these methods properly you need access to AFS::KTC_PRINCIPAL objects and to AFS::KTC_EKEY objects.
COMPATIBILITY
This release does NOT support any features and interfaces from version 1.
OBJECT ATTRIBUTES
- startTime
- Starting date of the token.
- endTime
- Expiration date of the token.
- sessionKey
- Session encryption key of the token.
- kvno
- Key version number associated with the Session encryption key.
- ticketLen
- The length in bytes of the data stored in the attribute 'ticket'.
- ticket
- The server ticket to use for the principal.
METHODS
- CONSTRUCTOR
- $ok = AFS::KTC_TOKEN->GetAuthToken(USER, EKEY, LIFE [, PWEXP]);
- Creates a token for the service KA_TICKET_GRANTING_SERVICE (a ticket granting ticket, TGT) for a particular USER and saves it in the memory (kernel token cache). EKEY contains the user's encryption key and LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If PWEXP (default -1) is given it returns the number of days till the password expires. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. This method must be called before you can get any service token (method GetServerToken). This method calls the AFS system library function 'ka_GetAuthToken'.
- $token = AFS::KTC_TOKEN->GetServerToken(SERVICE, LIFE [, NEWTK]);
- Returns a token for the specified SERVICE. LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If NEWTK is set to 1 (default), then the function should get a new token if necessary. SERVICE must be an instance of AFS::KTC_PRINCIPAL. It requires that you already possess a TGT (method GetAuthToken). It calls the AFS system library function 'ka_GetServerToken'.
- $token = AFS::KTC_TOKEN->GetAdminToken(USER, EKEY, LIFE [, NEWTK [, REASON]]);
- Creates an administration token for the specified USER. It saves the token in the memory (kernel token cache) and additionally it returns the token. EKEY contains the encryption key and LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If NEWTK is set to 1 (default), then the function should get a new token if necessary. On error the error message is returned in REASON. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. It calls the AFS system library function 'ka_GetAdminToken'.
- $token = AFS::KTC_TOKEN->nulltoken;
- Returns a NULL token. This token is only for use with the KAS methods "AuthServerConn" and "SingleServerConn". Do not use it with any other methods or functions.
- CLASS METHODS
- ($token, $user) = AFS::KTC_TOKEN->GetToken(SERVICE);
- Returns the token $token and the principal $user for the specified principal SERVICE. It calls the AFS system library function 'ktc_GetToken'.
- $ok = AFS::KTC_TOKEN->SetToken(SERVICE, TOKEN, USER [, FLAGS]);
- Stores the TOKEN for the given principal SERVICE and the given principal USER in the memory (kernel token cache). Possible flags are "AFS_SETTOK_SETPAG" and "AFS_SETTOK_LOGON". It calls the AFS system library function 'ktc_SetToken'.
- $ok = AFS::KTC_TOKEN->UserAuthenticateGeneral(USER, PASSWORD, LIFE, FLAGS [, PWEXP [, REASON]]);
- Undertakes all necessary steps for a complete authentication of principal USER. It converts the string PASSWORD (the cleartext password) for the principal USER to an encryption key. Then it creates a TGT token. After that it asks for a service token for service AFS with a lifetime of LIFE (in seconds, given in 5 minute intervals). Finally it saves the service token in the memory (kernel token cache). Possible values for FLAGS are "KA_USERAUTH_VERSION" and "KA_USERAUTH_DOSETPAG". If PWEXP (default -1) is given it returns the number of days till the password expires. On error the error message is returned in REASON. It calls the AFS system library function 'ka_UserAuthenticateGeneral'.
- $ok = AFS::KTC_TOKEN->ForgetAllTokens;
- Discards all of the issuer's tokens. It calls the AFS system library function 'ktc_ForgetAllTokens'.
- $token = AFS::KTC_TOKEN->FromString(STRING);
- Returns a recovered token from STRING. This STRING was previously generated with the instance method '$token->string'.
- ATTRIBUTES ACCESS
- $token->ATTRIBUTE;
- Retrieves the value for the specified object attribute, where ATTRIBUTE is one of the above listed object attributes (e.g. "startTime").
- INSTANCE METHODS
- $token->string;
- Returns the whole token as a "string".
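The complete authentication described for UserAuthenticateGeneral, wrapped so that the tokens are always discarded again, including when the work fails. This is an added example, not code from the AFS module distribution; it uses only calls shown on this page and assumes that UserAuthenticateGeneral returns a true value on success and that endTime is in epoch seconds. The helper name with_afs_token is hypothetical.

```perl
use strict;
use warnings;
use AFS::KTC_TOKEN;
use AFS::KTC_PRINCIPAL;
use AFS::KTC_EKEY;
use AFS::Cell qw(localcell);

my $LIFE  = 600;    # seconds; LIFE is given in 5 minute intervals
# Flags exactly as in the SYNOPSIS.
my $FLAGS = &AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG;

# Hypothetical helper: authenticate NAME, run CODE while the AFS token is
# held, then discard all tokens, also when CODE dies.
sub with_afs_token {
    my ($name, $code) = @_;

    my $user     = AFS::KTC_PRINCIPAL->new($name);
    my $password = AFS::KTC_EKEY->UserReadPassword("Password for $name:");
    my ($pwexp, $reason) = (0, '');

    # Assumption: a true return value means success; REASON holds the error.
    my $ok = AFS::KTC_TOKEN->UserAuthenticateGeneral(
        $user, $password, $LIFE, $FLAGS, $pwexp, $reason);
    die "authentication failed for $name: $reason\n" unless $ok;

    my $result = eval {
        # Report validity only; do not print sessionKey, ticket or ->string,
        # because the string form can be turned back into a usable token.
        my $service = AFS::KTC_PRINCIPAL->new('afs', '', localcell);
        my ($token) = AFS::KTC_TOKEN->GetToken($service);
        # Assumption: endTime is in epoch seconds.
        printf "token valid for %d more seconds, password expires in %d days\n",
            $token->endTime - time, $pwexp;
        $code->();
    };
    my $err = $@;
    AFS::KTC_TOKEN->ForgetAllTokens();    # runs on success and on failure
    die $err if $err;
    return $result;
}

with_afs_token('nog', sub { print "doing work with AFS access\n"; 1 });
```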
CURRENT AUTHOR
Norbert E. Gruener <[email protected]>.
AUTHOR EMERITUS
Roland Schemers <[email protected]>.
COPYRIGHT AND DISCLAIMER
© 2001-2008 Norbert E. Gruener <[email protected]>. All rights reserved.
© 1994 Board of Trustees, Leland Stanford Jr. University. All rights reserved.
Most of the explanations in this document are taken from the original AFS documentation.
AFS-3 Programmer's Reference: Authentication Server Interface Edward R. Zayas © 1991 Transarc Corporation. All rights reserved.
IBM AFS Administration Reference © IBM Corporation 2000. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
- The original module is covered by the following copyright:
Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Stanford University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
DOCUMENT VERSION
Revision $Rev: 859 $