SYNOPSIS

   #! /usr/bin/perl -w

   use strict;
   require LWP::UserAgent;

   # uncomment if you want see what is going wrong messages
   #
   #use LWP::Debug qw(+);

   my $ua = LWP::UserAgent->new;
   my $response = $ua->get('http://testwurst.grolmsnet.lan:8090/geheim/');
   if ($response->is_success) {
      print $response->content;  # or whatever
   }
   else {
       die $response->status_line;
   }

just install LWP::Authen::Negotiate, \s-1LWP\s0 uses it as authentication plugin. Use your LWP::UserAgent Scripts as usual. Authentication is done transparent based on your \s-1GSSAPI\s0 installation (\s-1MIT\s0 Kerberos or Heimdal)

WWW-Negotiate Webservers are \s-1IIS\s0 or Apache with mod_auth_kerb for example.

DESCRIPTION

To see what ist going on add

use LWP::Debug qw(+);

to yor \s-1LWP\s0 using Scripts.

(e.g. too see what is going wrong with \s-1GSSAPI\s0...)

DEBUGGING

To see what ist going on (and going wrong) add

use LWP::Debug qw(+);

to yor \s-1LWP\s0 using Scripts.

(e.g. too see what is going wrong with \s-1GSSAPI\s0...)

the output will look like this:

LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://testwurst.grolmsnet.lan:8090/geheim/ LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 478 bytes LWP::UserAgent::request: Simple response: Unauthorized LWP::Authen::Negotiate::authenticate: authenticate() called LWP::Authen::Negotiate::authenticate: target hostname testwurst.grolmsnet.lan LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP/[email protected] LWP::Authen::Negotiate::authenticate: Miscellaneous failure (see text) LWP::Authen::Negotiate::authenticate: open(/tmp/krb5cc_1000): file not found

In this case the credentials cache was empty. Run kinit first ;-)

ENVIRONMENT

\s-1LWP_AUTHEN_NEGOTIATE_DELEGATE\s0

Define to enable ticket forwarding to webserver.

RELATED TO LWP::Authen::Negotiate…

http://www.kerberosprotocols.org/index.php/Draft-brezak-spnego-http-03.txt

Description of WWW-Negotiate protol

http://modauthkerb.sourceforge.net/

the Kerberos and \s-1SPNEGO\s0 Authentication module for Apache mod_auth_kerb

http://perlgssapi.sourceforge.net/

Module Homepage

http://www.kerberosprotocols.org/index.php/Web

Sofware and APIs related to WWW-Negotiate

http://www.grolmsnet.de/kerbtut/

describes how to let mod_auth_kerb play together with Internet Explorer and Windows2003 Server

BUGS

As default Kerberos 5 is selected as \s-1GSSAPI\s0 mechanism. a later veriosn will make that configureable.

AUTHOR

Achim Grolms, <[email protected]>

http://perlgssapi.sourceforge.net/

Thanks to

Leif Johansson

who has conributed a lot of code from his implementation of the module and send a lot of input, ideas and feedback

Harald Joerg

helped with Kerberos knowledge and does testing on cygwin against \s-1IIS\s0 and mod_auth_kerb

Christopher Odenbach

does a lot of testing on Linux and Solaris

Dax Kelson

does a lot of testing on Linux

Karsten Kuenne

helped with advice

COPYRIGHT AND LICENSE

Copyright (C) 2006 by Achim Grolms <[email protected]>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.