GEN-AUTH(1) User Contributed Perl Documentation GEN-AUTH(1)
NAME
gen-auth - generate various authentication strings
USAGE
gen-auth [--help|--version] | <type> ...
DESCRIPTION
gen-auth is tool to assist in all kinds of authentication / encoding /
decoding / encrypting tasks. It began life as an smtp-specific tool,
but has drifted in functionality over time.
The program actions are broken down into types of encoding to generate.
Each <type> then takes its own specific args. The arguments are
expected in a specific order on the command line. Every argument that
isn't available on the command line will be prompted for. One benefit
to this is arguments corresponding to passwords will not be echoed to
the terminal when prompted for.
TYPES
The program action is controlled by the first argument. The meaning of
the following arguments is specified by this type
PLAIN <username> <password>
This type generates a PLAIN (RFC 2595) authentication string. It
accepts supplemental arguments of username and password. It
generates a Base64 encoded string "\0<username>\0<password>".
LOGIN <username> <password>
This method accepts username and password as supplemental args. It
simply returns each string Base64 encoded. This provides only
minimal advantages over using ENCODE twice. One advantage is
hiding the password if you provide it on STDIN
CRAM-MD5 <username> <password> <challenge>
CRAM-MD5 (RFC 2195) accepts three supplemental arguments. The
first is the username and the second is the password. The third is
the challenge string provided by the server. This string can be
either Base64 encoded or not. The RFC states that all (unencoded)
challenge strings must start w/ '<'. This is used to whether the
string is Base64 encoded or not.
CRAM-MD5 uses the challenge and the supplied password to generate a
digest. it then returns the Base64 encoded version of the string
md5("<username> <challenge>")
This authentication method requires the Digest::MD5 perl module to
be installed.
CRAM-SHA1 <username> <password> <challenge>
This behaves the same as CRAM-MD5 but uses SHA1 digesting rather
than MD5.
This authentication method requires the Digest::SHA1 perl module to
be installed.
NTLM/SPA/MSN <username> <password> <domain> <challenge>
Although it may be advertised as one of the above types, this
method of authentication if refered to singularly as NTLM. This is
a multi-step authentication type. The first 3 arguments must be
supplied up front. They are username, password, and domain, in
that order. These three strings are used to generate an "Auth
Request" string. This string should be passed verbatim to the
server. The server will then respond with a challenge. This
challenge is the fourth argument. After receiving the server
challenge, gen-auth will produce an "Auth Response". Posting this
response to the server completes the NTLM authentication
transaction.
This authentication method requires the Authen::NTLM perl module to
be installed. See EXAMPLES for an example of this transaction.
Note also that 'domain' is often blank from client or ignored by
server.
HTTP-BASIC <username> <password>
Returns the value base64("<username>:<password>"). Used for HTTP
Basic authentication (RFC 2617). Used by adding a header
"Authorization: Basic <string>" to a HTTP request where <string> is
the output of this command.
APOP <challenge> <password>
This implements the APOP authentication for the POP3 protocol as
described in RFC 1939. <challenge> is the challenge string
presented by the POP3 server in the greeting banner. <password> is
the "secret" (usually a password) used to authenticate the user.
This method returns a digest md5("<challenge><password>"). This
can be used to authenticate to a POP3 server in a string like "APOP
<user> <digest>" where <digest> is the string generated by this
command.
APOP required the Digest::MD5 perl module.
ENCODE <string>
Simply Base64 encodes a plaintext string. Provided as a
convenience function.
DECODE <string>
Decodes a Base64 encoded string. Provided as a convenience
function.
MD5/MD5-HEX <string>
Provides an MD5 digest of the supplied string in hex.
MD5-BASE64 <string>
Provides an MD5 digest of the supplied string in Base64.
ENCRYPT <string>
Returns a crypt(3) string generated from the input string.
SALTENCRYPT <string> <salt>
Same as ENCRYPT but you provide the salt as the second argument.
See crypt(3) man page for details.
ROT13 <string>
This performs a rot13 action on <string>. This implementation only
performs the action on ASCII 65-90,97-123. Any other character
value is left untouched. Therefore this method is primarily for
LOCALE=C, ASCII only. Feel free to send patches if you care to
have it work in another setting.
ATBASH <string>
This performs an atbash action on <string>. Atbash mirrors a
string such that 'a'=='z', 'b'=='y', etc. See the comments on
locale and character set under ROT13.
OPTIONS
-s Supresses echo on all input fields read from standard input. If
this option is not used, echo is suppressed on fields which are
known to be password fields but this may not be secure enough.
--help
this screen.
--version
version info.
EXAMPLES
generate a PLAIN AUTH string for user 'tim', password
'tanstaaftanstaaf'
> gen-auth plain tim tanstaaftanstaaf
Auth String: AHRpbQB0YW5zdGFhZnRhbnN0YWFm
generate a CRAM-MD5 string for user 'tim', password 'tanstaaftanstaaf',
challenge '<1896.697170952@postoffice.reston.mci.net>', using prompt to
hide password
> gen-auth cram-md5
username: tim
password:
challenge: PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
use the DECODE method to ensure we provided the correct output in our
last example
> gen-auth decode dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
tim b913a602c7eda7a495b4e6e7334d3890
use the NTLM (MSN) method to authenticate to a mail server using user
'tim', password 'tanstaaftanstaaf', and domain MAIL. Both the gen-auth
transaction and SMTP transaction are shown to demonstrate the
interaction between the two.
AUTH MSN
334 NTLM supported
TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
235 Authentication succeeded
> gen-auth spa
username: tim
password:
domain: MAIL
Auth Request: TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
challenge: TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
REQUIRES
MIME::Base64
Required for all functionality
Digest::MD5
Required for MD5, MD5-BASE64, CRAM-MD5, APOP
Digest::SHA1
Required for CRAM-SHA1
Authen::NTLM
Required for NTLM/MSN/SPA
EXIT CODES
0 - no errors occurred
1 - unrecognized type specified
CONTACT
proj-gen-auth@jetmore.net
perl v5.34.0 2022-12-12 GEN-AUTH(1)
Generated by dwww version 1.14 on Fri Jan 24 09:35:41 CET 2025.