AFS::KTC_TOKEN - Class to handle the AFS structure ktc_token
use AFS::KTC_TOKEN;
use AFS::KTC_PRINCIPAL;
use AFS::KTC_EKEY;
use AFS::Cell qw(localcell);
my $token = AFS::KTC_TOKEN->nulltoken;
print "StartTime = ", $token->startTime, "\n";
print "EndTime = ", $token->endTime, "\n";
print "SessionKey = ", $token->sessionKey, "\n";
print "Kvno = ", $token->kvno, "\n";
print "TicketLen = ", $token->ticketLen, "\n";
print "Ticket = ", $token->ticket, "\n";
print "String = ", $token->string, "\n";
my $index = 0;
my $service = AFS::KTC_PRINCIPAL->ListTokens($index);
print "service = ", $service->principal, "\n";
($token, my $user) = AFS::KTC_TOKEN->GetToken($service);
print " client = ", $user -> principal, "\n";
print " StartTime = ", $token->startTime, "\n";
print " EndTime = ", $token->endTime, "\n";
print " SessionKey = ", $token->sessionKey, "\n";
print " Kvno = ", $token->kvno, "\n";
print " TicketLen = ", $token->ticketLen, "\n";
print " Ticket = ", $token->ticket, "\n";
print " String = ", $token->string, "\n";
$service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
($token, $user) = AFS::KTC_TOKEN->GetToken($service);
AFS::KTC_TOKEN->ForgetAllTokens();
AFS::KTC_TOKEN->SetToken($service, $token, $user, 0);
my $string = $token->string;
$token = AFS::KTC_TOKEN->FromString($string);
print " StartTime = ", $token->startTime, "\n";
print " EndTime = ", $token->endTime, "\n";
my $user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
my $key = AFS::KTC_EKEY->ReadPassword('nog Password:');
my $ok = AFS::KTC_TOKEN->GetAuthToken($user, $key, 600);
$service = AFS::KTC_PRINCIPAL->new("afs","",localcell);
$token = AFS::KTC_TOKEN->GetServerToken($service, 600, 1);
$user = AFS::KTC_PRINCIPAL->new('nog','',localcell);
$key = AFS::KTC_EKEY->ReadPassword('nog Password:');
$token = AFS::KTC_TOKEN->GetAdminToken($user, $key, 300);
$user = AFS::KTC_PRINCIPAL->new('nog');
$password = AFS::KTC_EKEY->UserReadPassword("Password:");
my $pwexp = 0;
my $reason = '';
$ok = AFS::KTC_TOKEN->UserAuthenticateGeneral($user, $password, 300,
&AFS::KA_USERAUTH_VERSION | &AFS::KA_USERAUTH_DOSETPAG, $pwexp, $reason);
AFS::KTC_TOKEN->ForgetAllTokens();
NOTE: The following lines are 'version 1' style: all names are exported by default. This style is deprecated !!!
use AFS; # import all AFS names use AFS @AFS::KA; # import just the ka names use AFS @AFS::KTC; # import just the ktc names
This class provides methods to handle the AFS structure ktc_token. This structure contains information about tokens and is used in the Kernel Token Cache (KTC), which is part of the Cache Manager.
It is used to create, modify, and retrieve ktc_token instances for different services. It has methods to retrieve and to reset the ktc_token attributes. In order to make proper usage of these methods it is necessary to have access to AFS::KTC_PRINCIPAL objects and to AFS::KTC_EKEY objects.
In version 2, some of the methods have been renamed. All old names and interfaces from version 1 are still available for compatibility, but are deprecated. These cases have been marked in the documentation.
You must not intermix names or interfaces from version 1 with names or interfaces from version 2. You either stick with version 1 or version 2.
Version 1 Version 2
-----------------------------------------------------------------
ka_GetAuthToken AFS::KTC_TOKEN->GetAuthToken
ka_GetServerToken AFS::KTC_TOKEN->GetServerToken
ka_GetAdminToken AFS::KTC_TOKEN->GetAdminToken
ka_nulltoken AFS::KTC_TOKEN->nulltoken
ktc_GetToken AFS::KTC_TOKEN->GetToken
ktc_SetToken AFS::KTC_TOKEN->SetToken
ktc_ForgetAllTokens AFS::KTC_TOKEN->ForgetAllTokens
ka_UserAthenticateGeneral AFS::KTC_TOKEN->UserAuthenticateGeneral
Starting date of the token.
Expiration date of the token.
Session encryption key of the token.
Key version number associated with the Session encryption key.
The length in bytes of the data stored in the attribute 'ticket'.
The server ticket to use for the principal.
Creates a token for the service KA_TICKET_GRANTING_SERVICE (a ticket granting ticket, TGT) for a particular USER and saves it in the memory (kernel token cache). EKEY contains the user's encryption key and LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If PWEXP (default -1) is given it returns the number of days till the password expires. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. This method must be performed first before you can get any service token (method GetServerToken). This method calls the AFS system library function 'ka_GetAuthToken'.
NOTE: this form is deprecated !!!
$ok = ka_GetAuthToken(USER...);
Returns a token for the specified SERVICE. LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If NEWTK is set to 1 (default), then the function should get a new token if necessary. SERVICE must be an instance of AFS::KTC_PRINCIPAL. It requires that you already possess a TGT (method GetAuthToken). It calls the AFS system library function 'ka_GetServerToken'.
NOTE: this form is deprecated !!!
$token = ka_GetServerToken(SERVICE...);
Creates an administration token for the specified USER. It saves the token in the memory (kernel token cache) and additionally it returns the token. EKEY contains the encryption key and LIFE indicates how long the token will be valid (in seconds, given in 5 minute intervals). If NEWTK is set to 1 (default), then the function should get a new token if necessary. On error the error message is returned in REASON. USER must be an instance of AFS::KTC_PRINCIPAL and EKEY an instance of AFS::KTC_EKEY. It calls the AFS system library function 'ka_GetAdminToken'.
NOTE: this form is deprecated !!!
$token = ka_GetAdminToken(USER...);
Returns a NULL token. This token is only for use with the KAS methods AuthServerConn and SingleServerConn. Do not use it with any other methods or functions.
NOTE: this form is deprecated !!!
$token = ka_nulltoken;
Returns the token $token and the principal $user for the specified principal SERVICE. It calls the AFS system library function 'ktc_GetToken'.
NOTE: this form is deprecated !!!
($token, $user) = ktc_GetToken(SERVICE);
Stores the TOKEN for the given principal SERVICE and the given principal USER in the memory (kernel token cache). Possible Flags are AFS_SETTOK_SETPAG and AFS_SETTOK_LOGON. It calls the AFS system library function 'ktc_SetToken'.
NOTE: this form is deprecated !!!
$ok = ktc_SetToken(SERVICE...);
Undertakes all necessary steps for a complete authentication of principal USER. It converts the string PASSWORD (the cleartext password) for the principal USER to an encryption key. Then it creates a TGT token. After that it asks for a service token for service AFS with a life time of LIFE (in seconds, given in 5 minute intervals). Finally it saves the service token in the memory (kernel token cache).
Possible values for FLAGS are KA_USERAUTH_VERSION and KA_USERAUTH_DOSETPAG. If PWEXP (default -1) is given it returns the number of days till the password expires. On error the error message is returned in REASON. It calls the AFS system library function 'ka_UserAuthenticateGeneral'.
NOTE: this form is deprecated !!!
$ok = ka_UserAthenticateGeneral(USER...);
Discards all of the issuer's tokens. It calls the AFS system library function 'ktc_ForgetAllTokens'.
NOTE: this form is deprecated !!!
$ok = ktc_ForgetAllTokens;
Returns a recovered token from STRING. This STRING was previously generated with the instance method '$token->string'.
Retrieves the value for the specified object attribute, where ATTRIBUTE is one of the above listed object attributes (e.g. startTime).
Returns the whole token as a string.
Norbert E. Gruener <nog@MPA-Garching.MPG.de>.
Roland Schemers <schemers@slapshot.stanford.edu>.
© 2001-2005 Norbert E. Gruener <nog@MPA-Garching.MPG.de>. All rights reserved. © 1994 Board of Trustees, Leland Stanford Jr. University. All rights reserved. Most of the explanations in this document are taken from the original AFS documentation. AFS-3 Programmer's Reference: Authentication Server Interface Edward R. Zayas © 1991 Transarc Corporation. All rights reserved. IBM AFS Administration Reference © IBM Corporation 2000. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Stanford University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Revision $Rev: 689 $
