NAME¶
WebAuth::Token::WebKDCService - WebAuth webkdc-service tokens
SYNOPSIS¶
my $token = WebAuth::Token::WebKDCService->new;
$token->subject ('user');
$token->session_key ($key);
$token->expiration (time + 3600);
print $token->encode ($keyring), "\n";
DESCRIPTION¶
A WebAuth webkdc-service token, sent by the WebKDC to a WAS and returned by the
WAS to the WebKDC as part of the request token. The purpose of this token is
to store the session key used for encrypting the request token and its
responses. It's encrypted in the WebKDC's long-term key, and is therefore used
by the WebKDC to recover the session key without having local state.
CLASS METHODS¶
- new ()
- Create a new, empty WebAuth::Token::WebKDCService. At least some
attributes will have to be set using the accessor methods described below
before the token can be used.
INSTANCE METHODS¶
As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.
General Methods¶
- encode (KEYRING)
- Generate the encoded and encrypted form of this token using the provided
KEYRING. The encryption key used will be the one returned by the
best_key() method of WebAuth::Keyring on that KEYRING.
Accessor Methods¶
- subject ([SUBJECT])
- Get or set the subject, which holds the authenticated identity of the
bearer of this token. This will normally be "krb5:" followed by
the fully-qualified Kerberos principal of the WebAuth Application Server
that requested this token.
- session_key ([KEY])
- Get or set the session key, which will be used for encrypted communication
with the entity presenting this token. This contains only the raw key
data, not a full WebAuth::Key object.
- creation ([TIMESTAMP])
- Get or set the creation timestamp for this token in seconds since epoch.
If not set, the encoded token will have a creation time set to the time of
encoding.
- expiration ([TIMESTAMP])
- Get or set the expiration timestamp for this token in seconds since
epoch.
AUTHOR¶
Russ Allbery <eagle@eyrie.org>
SEE ALSO¶
WebAuth(3),
WebAuth::Keyring(3),
WebAuth::Token(3)
This module is part of WebAuth. The current version is available from
<
http://webauth.stanford.edu/>.