NAME¶
WebAuth::Token::Cred - WebAuth cred tokens
SYNOPSIS¶
my $token = WebAuth::Token::Cred->new;
$token->subject ('user');
$token->type ('krb5');
$token->service ('service/foo@EXAMPLE.COM');
$token->data ($ticket);
$token->creation (time);
$token->expiration (time + 3600);
print $token->encode ($keyring), "\n";
DESCRIPTION¶
A WebAuth cred token, which holds a credential for some other service, usually a
Kerberos service ticket. It is sent back by the WebKDC to a WebAuth
Application Server when requested using a proxy token, and the WAS also uses
it to store the credentials in cookies.
CLASS METHODS¶
- new ()
- Create a new, empty WebAuth::Token::Cred. At least some
attributes will have to be set using the accessor methods described below
before the token can be used.
INSTANCE METHODS¶
As with WebAuth module functions, failures are signaled by throwing
WebAuth::Exception rather than by return status.
General Methods¶
- encode (KEYRING)
- Generate the encoded and encrypted form of this token using
the provided KEYRING. The encryption key used will be the one returned by
the best_key() method of WebAuth::Keyring on that KEYRING.
Accessor Methods¶
- subject ([SUBJECT])
- Get or set the subject, which holds the identity of the
user for which this token contains credentials.
- type ([TYPE])
- Get or set the type of credential stored in this token.
Currently, this is always "krb5" (but still must be explicitly
set if creating a new token).
- service ([SERVICE])
- Get or set the service for which this token stores a
credential. For tokens of type "krb5", this is the
fully-qualified principal name of the service ticket stored in this
token.
- data ([CREDENTIAL])
- Get or set the credential stored in this token. This is
currently always a Kerberos ticket in the form created by the
export_cred() method of the WebAuth::Krb5 module.
- creation ([TIMESTAMP])
- Get or set the creation timestamp for this token in seconds
since epoch. If not set, the encoded token will have a creation time set
to the time of encoding.
- expiration ([TIMESTAMP])
- Get or set the expiration timestamp for this token in
seconds since epoch.
AUTHOR¶
Russ Allbery <eagle@eyrie.org>
SEE ALSO¶
WebAuth(3),
WebAuth::Keyring(3),
WebAuth::Krb5(3),
WebAuth::Token(3)
This module is part of WebAuth. The current version is available from
<
http://webauth.stanford.edu/>.