Authen::ACE4 - Perl extension for accessing a SecurID ACE server or RSA Authenticaiotn Manager
use Authen::ACE4; AceInitialize(); ($result, $handle, $moreData, $echoFlag, $respTimeout, $nextRespLen, $prompt) = AceStartAuth($username); ($result, $moreData, $echoFlag, $respTimeout, $nextRespLen, $prompt) = Authen::ACE4::AceContinueAuth($handle, $resp); ($result, $status) = Authen::ACE4::AceGetAuthenticationStatus($handle); $result = AceCloseAuth($handle);
Authen::ACE4 provides a client interface to a Security Dynamics SecurID ACE server. It uses the ACE/Agent client libraries. SecurID authentication can be added to any Perl application using Authen::ACE4.
Synchronous functions are provided for authenticating users and getting some user information. Asynchronous functions are not supported. ACE/Agent Version 4.1 and better API is supported. Legacy functions like sd_auth etc are not supported.
AceInitialize();
Initializes the ACE client access library and loads the ACE configuration file (sdconf.rec). AceInitialize must be called before any other API function is called.
On Unix, the environment variable VAR_ACE is used to find the ACE/Server sdconf.rec file, which specifies how to contact the ACE server and/or Authentication Manager. The default is /var/ace/data. If your sdconf.rec is in a different location you must specify VAR_ACE eg:
$ENV{VAR_ACE} = '/opt/ace/data';
before calling AceInitialize.
($result, $handle, $moreData, $echoFlag, $respTimeout, $nextRespLen, $prompt) = Authen::ACE4::AceStartAuth($username);
The AceStartAuth function is designed to be used aling with AceContinueAuth and AceCloseAuth.
AceStartAuth is the first step in authenticating a user. If the function returns successfully, continue to call AceContinueAuth as long as $moreData is true.
If AceStartAuth returns successfully, AceCloseAuth must be called to close the authentication context. If AceStartAuth does not return successfully, AceCloseAuth must not be called.
You can have multiple authentication contexts (handles) current at the same time. Each one must be closed with its own AceCloseAuth.
Input data is
The name of the user to be authenticated, as known to the ACE/Server.
Returned data is
Indicates the success or failure of the call (but not success of the authentication, see AceGetAuthenticationStatus for that).
If the call succeeds, $handle, $moreData etc will be set. If the call fails, only $result and $prompt will have meaningful values.
Possible results for $result are
The call succeeded. $handle contains the handle for this context
Memory allocation error
Could not create event object and associated data.
Could not open and/or create a socket
Returns a new opaque handle for this authentication context.
A flag that indicate whether more data is needed by the authentication context.
A flag that gives a hint to the developer whether the next response should be echoed on the screen.
A hint to the developer about how long to display this prompt string to the user.
Indicates the maximum number of bytes of data expected in the next call to AceContinueAuth
Message string that should be shown to the user as the request for data to be passed to the next call to AceContinueAuth.
($result, $moreData, $echoFlag, $respTimeout, $nextRespLen, $prompt) = Authen::ACE4::AceContinueAuth($handle, $resp);
AceContinueAuth should continue to be called for as long as it succeeds and $moreData is true. Each successive call will ask for additional data required for the authentication to be entered by the user.
After AceContinueAuth returns with moreDat false, use AceGetAuthenticationStatus to check the result of the completed authentication process.
The opaque handle for this authentication context, previously returned by AceStartAuth.
The response from the user to the prompt from the previous AceStartAuth or AceContinueAuth.
If the call succeeds, $moreData, $echoFlag etc will be set. If the call fails, only $result and $prompt will have meaningful values.
Handle is invalid
($result, $status) = Authen::ACE4::AceGetAuthenticationStatus($handle);
Returns the status of the request. Can be called at any stage during the authentication process.
Indicates the success or failure of the call (but not success of the authentication, see $status for that).
The call succeeded. $status contains the status for this context. Note that it is not correct to compare this with ACM_OK.
Indicates the current status of this authentication
Possible results for $status are
$result = Authen::ACE4::AceCloseAuth($handle);
Closes a previously created authentication context, and frees any memory that was allocated. Every successful AceStartAuth must have a matching AceCloseAuth. It can be called at any time after AceStartAuth. $handle must be the handle returned by a previous call to AceStartAuth.
Returns ACM_OK if successful.
Mike McCauley <mikem@open.com.au>
Copyright (C) 2000 OPen System Consultants Pty Ltd. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
perl(1), ACE/Server Administration Manual, ACE/Server v 4.1 Authentication API Guide, Authen::ACE
To install Authen::ACE4, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Authen::ACE4
CPAN shell
perl -MCPAN -e shell install Authen::ACE4
For more information on module installation, please visit the detailed CPAN module installation guide.