Description

This is Daniel Berger's custom implementation of the original

Requirements

Kerberos 1.7.0 or later, including admin header and library files.

Synopsis

require 'krb5_auth'

# Get the default realm name
krb5 = Krb5Auth::Krb5.new
puts krb5.default_realm
krb5.close

# Get the default keytab name
keytab = Krb5Auth::Krb5::Keytab.new
puts keytab.default_name
keytab.close

# Set the password for a given principal
kadm5 = Krb5Auth::Kadm5.new(:principal => 'foo/admin', :password => 'xxxx')
kadm5.set_password('someuser', 'abc123')
kadm5.close

# Using the block form
Krb5Auth::Kadm5.new(:principal => 'foo/admin', :password => 'xxxx') do |kadm5|
  p kadm5.get_principal('someuser')
  kadm5.set_password('someuser', 'abc123')
end

Notes

This fork heavily modifies the original krb5_auth library. Several new
classes and methods have been added.

Krb5Auth::Kadm5
Krb5Auth::Kadm5::Config
Krb5Auth::Krb5::Keytab
Krb5Auth::Krb5::KeytabEntry
Krb5Auth::Krb5::CredentialsCache
Krb5Auth::Krb5::Principal
Krb5Auth::Krb5::Policy

With this fork you can create and delete principals, set and reset passwords,
set the default realm, and read keytab entries.

The code layout has been heavily modified as well. This fork uses separate
source files for each class, and uses rake-compiler to glue them all
together into a single build.

Lastly, this fork includes many more tests.

MIT vs Heimdal

This code was written for the MIT Kerberos library. It has not been tested
with the Heimdal Kerberos library.

TODO

Replace Struct::Principal with a Principal class with its own methods.
Create a separate class for the replay cache.
Better credentials cache support.
Ability to add and delete keytab entries.

CAVEATS

OS X users will probably need to install Kerberos manually and specify
the dir-config option because it ships with old Kerberos header files,
and none of the admin headers or libraries by default.

Author

Daniel Berger