NAME Role::Kerberos - A role for managing Kerberos 5 credentials VERSION Version 0.02 SYNOPSIS package My::Kerbject; use Moo; with 'Role::Kerberos'; has other_stuff => ( # ... ); # go nuts... # ...elsewhere: package Somewhere::Else; my $krb = My::Kerbject->new( principal => 'robot@ELITE.REALM', keytab => '/etc/robot/creds.keytab', ccache => '/var/lib/robot/krb5cc', other_stuff => 'derp', ); DESCRIPTION Authen::Krb5 is kind of unwieldy. Authen::Krb5::Simple is too simple (no keytabs). Authen::Krb5::Effortless requires too much effort (can't specify keytabs/ccaches outside of environment variables) and Authen::Krb5::Easy hasn't been touched in 13 years. The purpose of this module is to enable you to strap onto an existing Moo(se) object the functionality necessary to acquire and maintain a Kerberos TGT. My own impetus for writing this module involves making connections authenticated via Authen::SASL and GSSAPI where the keys come from a keytab in a non-default location and the consistency of %ENV is not reliable (that is, in a Web app). METHODS new %PARAMS As with all roles, these parameters get integrated into your class's constructor, and also serve as accessor methods. Every one is read-only, and every one is optional except "principal". realm The default realm. Taken from the default principal, or otherwise the system default realm if not defined. principal The default principal. Can (should) also contain a realm. If a realm is missing from the principal, it will be added from "realm". Coerced from a string into a "Authen::Krb5::Principal" in Authen::Krb5 object. Required. keytab A keytab, if other than $ENV{KRB5_KTNAME}. Will default to that or the system default (e.g. "/etc/krb5.keytab"). Coerced from a file path into an "Authen::Krb5::Keytab" in Authen::Krb5 object. password The password for the default principal. Don't use this. Use a keytab. ccache The locator (e.g. file path) of a credential cache, if different from $ENV{KRB5CCNAME} or the system default. Coerced into an "Authen::Krb5::Ccache" in Authen::Krb5 object. kinit %PARAMS Log in to Kerberos. Parameters are optional. principal The principal, if different from that in the constructor. realm The realm, if different from that in the constructor. Ignored if the principal contains a realm. password The Kerberos password, if logging in with a password. (See Term::ReadPassword for a handy way of ingesting a password from the command line.) keytab A keytab, if different from that in the constructor or $ENV{KRB5_KTNAME}. Will be coerced from a file name. service A service principal, if different from "krbtgt/REALM@REALM". klist %PARAMS kexpired Returns true if any tickets in the cache are expired. kdestroy Destroy the credentials cache (if there is something to destroy). AUTHOR Dorian Taylor, "" SEE ALSO Authen::Krb5 Moo::Role BUGS Please report any bugs or feature requests to "bug-role-kerberos at rt.cpan.org", or through the web interface at . I will be notified, and then you'll automatically be notified of progress on your bug as I make changes. LICENSE AND COPYRIGHT Copyright 2015 Dorian Taylor. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.