GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Authen::SCRAM::Client(3) User Contributed Perl Documentation Authen::SCRAM::Client(3)

Authen::SCRAM::Client - RFC 5802 SCRAM client

version 0.011 

    use Authen::SCRAM::Client;
    use Try::Tiny;

    $client = Authen::SCRAM::Client->new(
        username => 'johndoe',
        password => 'trustno1',
    );

    try {
        $client_first = $client->first_msg();

        # send to server and get server-first-message

        $client_final = $client->final_msg( $server_first );

        # send to server and get server-final-message

        $client->validate( $server_final );
    }
    catch {
        die "Authentication failed!"
    };

This module implements the client-side SCRAM algorithm.

Authen::SCRAM::Client - RFC 5802 SCRAM client

version 0.011

Authentication identity. This will be normalized with the SASLprep algorithm before being transmitted to the server.

Authentication password. This will be normalized with the SASLprep algorithm before being transmitted to the server.

If the authentication identity ("username") will act as a different, authorization identity, this attribute provides the authorization identity. It is optional. If not provided, the authentication identity is considered by the server to be the same as the authorization identity.

If the server requests an iteration count less than this value, the client throws an error. This protects against downgrade attacks. The default is 4096, consistent with recommendations in the RFC.

Name of a digest function available via PBKDF2::Tiny. Valid values are SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512. Defaults to SHA-1.

Size of the client-generated nonce, in bits. Defaults to 192. The server-nonce will be appended, so the final nonce size will be substantially larger.

A boolean that defaults to false. If set to true, usernames and passwords will not be normalized through SASLprep. This is a deviation from the RFC5802 spec and is not recommended. 

    $client_first_msg = $client->first_msg();

This takes no arguments and returns the "client-first-message" character string to be sent to the server to initiate a SCRAM session. Calling this again will reset the internal state and initiate a new session. This will throw an exception should an error occur.

    $client_final_msg = $client->final_msg( $server_first_msg );

This takes the "server-first-message" character string received from the server and returns the "client-final-message" character string containing the authentication proof to be sent to the server. This will throw an exception should an error occur.

    $client->validate( $server_final_msg );

This takes the "server-final-message" character string received from the server and verifies that the server actually has a copy of the client credentials. It will return true if valid and throw an exception, otherwise.

This method returns the opaque keys used in the SCRAM protocol. It returns the 'stored key', the 'client key' and the 'server key'. The server must have a copy of the stored key and server key for a given user in order to authenticate.

This method caches the computed values -- it generates them fresh only if the supplied salt and iteration count don't match the cached salt and iteration count.

The SCRAM protocol mandates UTF-8 interchange. However, all methods in this module take and return character strings. You must encode to UTF-8 before sending and decode from UTF-8 on receiving according to whatever transport mechanism you are using.

This is done to avoid double encoding/decoding problems if your transport is already doing UTF-8 encoding or decoding as it constructs outgoing messages or parses incoming messages.

David Golden <dagolden@cpan.org>

This software is Copyright (c) 2014 by David Golden.

This is free software, licensed under:

  The Apache License, Version 2.0, January 2004

David Golden <dagolden@cpan.org>

This software is Copyright (c) 2014 by David Golden.

This is free software, licensed under:

  The Apache License, Version 2.0, January 2004
2018-06-24 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.