This file is indexed.

/usr/share/perl5/Authen/SASL/Perl.pod is in libauthen-sasl-perl 2.1500-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# Copyright (c) 2004 Peter Marschall <peter@adpm.de>. All rights reserved.
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.

=head1 NAME

Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework

=head1 SYNOPSIS

 use Authen::SASL qw(Perl);

 $sasl = Authen::SASL->new(
   mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
   callback => {
     user => $user,
     pass => \&fetch_password
   }
 );

=head1 DESCRIPTION

B<Authen::SASL::Perl> is the pure Perl implementation of SASL mechanisms
in the B<Authen::SASL> framework.

At the time of this writing it provides the client part implementation
for the following SASL mechanisms:

=over 4

=item ANONYMOUS

The Anonymous SASL Mechanism as defined in RFC 2245 resp. 
in IETF Draft draft-ietf-sasl-anon-03.txt from February 2004
provides a method to anonymously access internet services.

Since it does no authentication it does not need to send 
any confidential information such as passwords in plain text
over the network.


=item CRAM-MD5

The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp.
in IETF Draft draft-ietf-sasl-crammd5-XX.txt
offers a simple challenge-response authentication mechanism.

Since it is a challenge-response authentication mechanism
no passwords are transferred in clear-text over the wire.

Due to the simplicity of the protocol CRAM-MD5 is susceptible
to replay and dictionary attacks, so DIGEST-MD5 should be used
in preferrence.


=item DIGEST-MD5

The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp.
in IETF Draft draft-ietf-sasl-rfc2831bis-XX.txt
offers the HTTP Digest Access Authentication as SASL mechanism.

Like CRAM-MD5 it is a challenge-response authentication
method that does not send plain text passwords over the network.

Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext
attacks, and permits the use of third party authentication servers,
so that it is recommended to use DIGEST-MD5 instead of CRAM-MD5
when possible.


=item EXTERNAL

The EXTERNAL SASL mechanism as defined in RFC 2222
allows the use of external authentication systems as SASL mechanisms.


=item GSSAPI

The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft
draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security Service
Application Program Interface [GSSAPI] KERBEROS V5 as as SASL mechanism.

Although GSSAPI is a general mechanism for authentication it is almost
exlusively used for Kerberos 5.


=item LOGIN

The LOGIN SASL Mechanism as defined in IETF Draft
draft-murchison-sasl-login-XX.txt allows  the
combination of username and clear-text password to be used
in a SASL mechanism.

It does does not provide a security layer and sends the credentials
in clear over the wire.
Thus this mechanism should not be used without adequate security
protection.


=item PLAIN

The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft
draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
username and clear-text password combinations in SASL environments.

Like LOGIN it sends the credentials in clear over the network
and should not be used without sufficient security protection.

=back

As for server support, only I<PLAIN>, I<LOGIN> and I<DIGEST-MD5> are supported
at the time of this writing.

C<server_new> OPTIONS is a hashref that is only relevant for I<DIGEST-MD5> for
now and it supports the following options:

=over 4

=item - no_integrity

=item - no_confidentiality

=back

which configures how the security layers are negotiated with the client (or
rather imposed to the client).


=head1 SEE ALSO

L<Authen::SASL>,
L<Authen::SASL::Perl::ANONYMOUS>,
L<Authen::SASL::Perl::CRAM_MD5>,
L<Authen::SASL::Perl::DIGEST_MD5>,
L<Authen::SASL::Perl::EXTERNAL>,
L<Authen::SASL::Perl::GSSAPI>,
L<Authen::SASL::Perl::LOGIN>,
L<Authen::SASL::Perl::PLAIN>

=head1 AUTHOR

Peter Marschall <peter@adpm.de>

Please report any bugs, or post any suggestions, to the perl-ldap mailing list
<perl-ldap@perl.org>

=head1 COPYRIGHT

Copyright (c) 2004-2006 Peter Marschall.
All rights reserved. This document is distributed, and may be redistributed,
under the same terms as Perl itself.

=cut