NAME

WebAuth::Token::WebKDCFactor - WebAuth webkdc-factor tokens

SYNOPSIS

    my $token = WebAuth::Token::WebKDCFactor->new;
    $token->subject ('user');
    $token->initial_factors ('d');
    $token->expiration (time + 3600);
    print $token->encode ($keyring), "\n";

DESCRIPTION

A WebAuth webkdc-factor token, which stores additional factors that will be combined with valid login or webkdc-proxy tokens but which cannot, by themselves, authenticate the user. This token is stored as a separate cookie in the user's browser, possibly with a longer lifespan than the single sign-on credentials, and may also be returned by the user information service for certain types of authentications.

CLASS METHODS

new (): Create a new, empty WebAuth::Token::WebKDCFactor. At least some attributes will have to be set using the accessor methods described below before the token can be used.

INSTANCE METHODS

As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by return status.

General Methods

encode (KEYRING): Generate the encoded and encrypted form of this token using the provided KEYRING. The encryption key used will be the one returned by the best_key() method of WebAuth::Keyring on that KEYRING.

Accessor Methods

subject ([SUBJECT]): Get or set the subject, which holds the authenticated identity of the user holding this token.
factors ([FACTORS]): Get or set a comma-separated list of authentication factors that this token should contribute to any further authentications. For a list of possible factors and their meaning, see the WebAuth protocol specification.
creation ([TIMESTAMP]): Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded token will have a creation time set to the time of encoding.
expiration ([TIMESTAMP]): Get or set the expiration timestamp for this token in seconds since epoch.

AUTHOR

Russ Allbery <eagle@eyrie.org>