NAME¶
WebAuth::Token::Cred - WebAuth cred tokens
SYNOPSIS¶
my $token = WebAuth::Token::Cred->new;
$token->subject ('user');
$token->type ('krb5');
$token->service ('service/foo@EXAMPLE.COM');
$token->data ($ticket);
$token->creation (time);
$token->expiration (time + 3600);
print $token->encode ($keyring), "\n";
DESCRIPTION¶
A WebAuth cred token, which holds a credential for some other service, usually a
Kerberos service ticket. It is sent back by the WebKDC to a WebAuth
Application Server when requested using a proxy token, and the WAS also uses
it to store the credentials in cookies.
CLASS METHODS¶
- new ()
- Create a new, empty WebAuth::Token::Cred. At least some attributes will
have to be set using the accessor methods described below before the token
can be used.
INSTANCE METHODS¶
As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.
General Methods¶
- encode (KEYRING)
- Generate the encoded and encrypted form of this token using the provided
KEYRING. The encryption key used will be the one returned by the
best_key() method of WebAuth::Keyring on that KEYRING.
Accessor Methods¶
- subject ([SUBJECT])
- Get or set the subject, which holds the identity of the user for which
this token contains credentials.
- type ([TYPE])
- Get or set the type of credential stored in this token. Currently, this is
always "krb5" (but still must be
explicitly set if creating a new token).
- service ([SERVICE])
- Get or set the service for which this token stores a credential. For
tokens of type "krb5", this is the
fully-qualified principal name of the service ticket stored in this
token.
- data ([CREDENTIAL])
- Get or set the credential stored in this token. This is currently always a
Kerberos ticket in the form created by the export_cred() method of
the WebAuth::Krb5 module.
- creation ([TIMESTAMP])
- Get or set the creation timestamp for this token in seconds since epoch.
If not set, the encoded token will have a creation time set to the time of
encoding.
- expiration ([TIMESTAMP])
- Get or set the expiration timestamp for this token in seconds since
epoch.
AUTHOR¶
Russ Allbery <eagle@eyrie.org>