aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-24 23:40:27 +0200
committerGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-24 23:40:27 +0200
commitc5abfa216d18d374e493fd309a1f4748af094e50 (patch)
tree2bdc0d4f4f8e9d6a5548433ff38c286ca8195acb /lib
parent33364b4a63d9082eed3a956f7a1567f343839999 (diff)
Use GSSAPI authentication for the WebPanel service.
Diffstat (limited to 'lib')
-rw-r--r--lib/Fripost/Schema.pm21
1 files changed, 12 insertions, 9 deletions
diff --git a/lib/Fripost/Schema.pm b/lib/Fripost/Schema.pm
index 35c69e2..a0730f9 100644
--- a/lib/Fripost/Schema.pm
+++ b/lib/Fripost/Schema.pm
@@ -34,9 +34,10 @@ use Net::IDN::Encode qw/email_to_ascii/;
=item B<SASLauth> (I<username>, I<CFG>)
-Start a LDAP connection, and SASL-authenticate using proxy
-authentication for the given (fully-qualified) user. I<CFG> should
-contain definitions for the LDAP suffix and the authentication ID.
+Start a LDAP connection, and SASL-authenticate (with the GSSAPI
+mechanism) using proxy authentication for the given (fully-qualified)
+user. I<CFG> should contain definitions for the LDAP suffix and the
+authentication ID.
=cut
@@ -51,12 +52,14 @@ sub SASLauth {
$self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
my $sasl = Authen::SASL::->new(
- mechanism => 'DIGEST-MD5',
- callback => { user => $cfg{ldap_authcID}
- , pass => $cfg{ldap_authcPW}
- , authname => 'dn:'.$self->whoami }
+ mechanism => 'GSSAPI',
+ callback => { user => 'dn:'.$self->whoami
+ , authname => $cfg{krb5_principal} }
);
- my $mesg = $self->ldap->bind( sasl => $sasl );
+ my $conn = $sasl->client_new('ldap', $cfg{krb5_host} );
+ die $conn->error if $conn->code;
+
+ my $mesg = $self->ldap->bind( '', sasl => $conn );
# This is not supposed to happen.
die $mesg->error if $mesg->code;
@@ -66,7 +69,7 @@ sub SASLauth {
=item B<auth> (I<username>, I<password>, I<CFG>)
-Start a LDAP connection, and (simples-) binds the given user.
+Start a LDAP connection, and (simple-) binds the given user.
I<CFG> should contain definitions for the LDAP suffix and URI.
=cut