Authen::SASL::Perl::GSSAPI - GSSAPI Authentication class


Authen::SASL::Perl::GSSAPI - GSSAPI (Kerberosv5) Authentication class


  use Authen::SASL qw(Perl);
  $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );
  $sasl->client_start( $service, $host );


This method implements the client part of the GSSAPI SASL algorithm.

With a valid Kerberos 5 credentials cache (aka TGT) it allows to connect to service@host given as the first two parameters to Authen::SASL's client_start() method.

Please note that this module does not currently implement a SASL security layer following authentication. Unless the connection is protected by other means, such as TLS, it will be vulnerable to man-in-the-middle attacks. If security layers are required, then the Authen::SASL::Cyrus GSSAPI module should be used instead.


The callbacks used are:

The username to be used in the response


the Authen::SASL manpage, the Authen::SASL::Perl manpage


Written by Simon Wilkinson, with patches and extensions by Achim Grolms and Peter Marschall.

Please report any bugs, or post any suggestions, to the perl-ldap mailing list <>


Copyright (c) 2006 Simon Wilkinson, Achim Grolms and Peter Marschall. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

 Authen::SASL::Perl::GSSAPI - GSSAPI Authentication class