Class: Kerberos::Kadm5

Inherits:
Object
  • Object
Defined in:
ext/krb5_auth/kadm5.c

Defined Under Namespace

Classes: Exception, PrincipalNotFoundException

Constant Summary

DISALLOW_POSTDATED =
INT2FIX(KRB5_KDB_DISALLOW_POSTDATED)
DISALLOW_FORWARDABLE =
INT2FIX(KRB5_KDB_DISALLOW_FORWARDABLE)
DISALLOW_TGT_BASED =
INT2FIX(KRB5_KDB_DISALLOW_TGT_BASED)
DISALLOW_RENEWABLE =
INT2FIX(KRB5_KDB_DISALLOW_RENEWABLE)
DISALLOW_PROXIABLE =
INT2FIX(KRB5_KDB_DISALLOW_PROXIABLE)
DISALLOW_DUP_SKEY =
INT2FIX(KRB5_KDB_DISALLOW_DUP_SKEY)
DISALLOW_ALL_TIX =
INT2FIX(KRB5_KDB_DISALLOW_ALL_TIX)
REQUIRES_PRE_AUTH =
INT2FIX(KRB5_KDB_REQUIRES_PRE_AUTH)
REQUIRES_HW_AUTH =
INT2FIX(KRB5_KDB_REQUIRES_HW_AUTH)
REQUIRES_PWCHANGE =
INT2FIX(KRB5_KDB_REQUIRES_PWCHANGE)
DISALLOW_SVR =
INT2FIX(KRB5_KDB_DISALLOW_SVR)
PWCHANGE_SERVICE =
INT2FIX(KRB5_KDB_PWCHANGE_SERVICE)
SUPPORT_DESMD5 =
INT2FIX(KRB5_KDB_SUPPORT_DESMD5)
NEW_PRINC =
INT2FIX(KRB5_KDB_NEW_PRINC)


Constructor Details

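- (Object) Krb5Auth::Kadm5.new(:principal => 'name', :password => 'xxxxx')
- (Object) Krb5Auth::Kadm5.new(:principal => 'name', :keytab => '/path/to/your/keytab')
- (Object) Krb5Auth::Kadm5.new(:principal => 'name', :keytab => true)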

Creates and returns a new Krb5Auth::Kadm5 object. A hash argument is accepted that allows you to specify a principal and a password, or a keytab file.

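If you pass a string as the :keytab value it will attempt to use that file for the keytab. If you pass true as the value it will attempt to use the default keytab file, typically /etc/krb5.keytab. A keytab holds the principal's long-term keys, so the file should be readable only by the account that runs this code.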

You may also pass the :service option to specify the service name. The default is kadmin/admin.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   Krb5Auth::Kadm5.new(:principal => 'name', :password => 'xxxxx')
 *   Krb5Auth::Kadm5.new(:principal => 'name', :keytab => '/path/to/your/keytab')
 *   Krb5Auth::Kadm5.new(:principal => 'name', :keytab => true)
 *
 * Creates and returns a new Krb5Auth::Kadm5 object. A hash argument is
 * accepted that allows you to specify a principal and a password, or
 * a keytab file.
 *
 * If you pass a string as the :keytab value it will attempt to use that file
 * for the keytab. If you pass true as the value it will attempt to use the
 * default keytab file, typically /etc/krb5.keytab.
 *
 * You may also pass the :service option to specify the service name. The
 * default is kadmin/admin.
 */
static VALUE rkadm5_initialize(VALUE self, VALUE v_opts){

Instance Method Details

- (Object) close

Closes the kadm5 object. Specifically, it frees the principal and context associated with the kadm5 object, as well as the server handle.

Any attempt to call a method on a kadm5 object after it has been closed will fail with an error message indicating a lack of context.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.close
 *
 * Closes the kadm5 object. Specifically, it frees the principal and context
 * associated with the kadm5 object, as well as the server handle.
 *
 * Any attempt to call a method on a kadm5 object after it has been closed
 * will fail with an error message indicating a lack of context.
 */
static VALUE rkadm5_close(VALUE self){

- (Object) create_policy(policy)

Creates a new Kerberos policy based on the Policy object.

Example:

# Using a Policy object
policy = Krb5Auth::Kadm5::Policy.new(:name => 'test', :min_length => 5)
kadm5.create_policy(policy)

# Using a hash
kadm5.create_policy(:name => 'test', :min_length => 5)


# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.create_policy(policy)
 *
 * Creates a new Kerberos policy based on the Policy object.
 *
 * Example:
 *
 *   # Using a Policy object
 *   policy = Krb5Auth::Kadm5::Policy.new(:name => 'test', :min_length => 5)
 *   kadm5.create_policy(policy)
 *
 *   # Using a hash
 *   kadm5.create_policy(:name => 'test', :min_length => 5)
 */
static VALUE rkadm5_create_policy(VALUE self, VALUE v_policy){

- (Object) create_principal(name, password) - (Object) create_principal(principal)

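Creates a new principal name with an initial password of password. Only the two-argument form is backed by the C function shown below, which takes a name and a password; the source comment lists accepting a Principal object as a TODO.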



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.create_principal(name, password)
 *   kadm5.create_principal(principal)
 *
 * Creates a new principal +name+ with an initial password of +password+.
 *--
 * TODO: Allow a Principal object to be passed in as an argument.
 */
static VALUE rkadm5_create_principal(VALUE self, VALUE v_user, VALUE v_pass){

- (Object) delete_policy(name)

Deletes the Kerberos policy name.

Example:

kadm5.delete_policy('test')


# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.delete_policy(name)
 *
 * Deletes the Kerberos policy +name+.
 *
 * Example:
 *
 *   kadm5.delete_policy('test')
 */
static VALUE rkadm5_delete_policy(VALUE self, VALUE v_policy){

- (Object) delete_principal(name)

Deletes the principal name from the Kerberos database.



# File 'ext/krb5_auth/kadm5.c'

/* call-seq:
 *   kadm5.delete_principal(name)
 *
 * Deletes the principal +name+ from the Kerberos database.
 */
static VALUE rkadm5_delete_principal(VALUE self, VALUE v_user){

- (Object) find_policy(name)

Get and return a Policy object for name. If the name cannot be found, then nil is returned.

This method is nearly identical to kadm5.get_policy, except that method raises an exception if not found.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.find_policy(name)
 *
 * Get and return a Policy object for +name+. If the +name+ cannot be found,
 * then nil is returned.
 *
 * This method is nearly identical to kadm5.get_policy, except that method
 * raises an exception if not found.
 */
static VALUE rkadm5_find_policy(VALUE self, VALUE v_name){

- (Object) find_principal(principal_name)

Returns a Principal object for principal_name containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc.

Unlike the get_principal method, this method returns nil if the principal cannot be found instead of raising an error.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.find_principal(principal_name)
 *
 * Returns a Principal object for +principal_name+ containing various bits
 * of information regarding that principal, such as policy, attributes,
 * expiration information, etc.
 *
 * Unlike the get_principal method, this method returns nil if the principal
 * cannot be found instead of raising an error.
 */
static VALUE rkadm5_find_principal(VALUE self, VALUE v_user){

- (Object) generate_random_key(principal)

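Generates and assigns a new random key to the named principal and returns the number of generated keys. Because a new key is assigned, expect the principal's previous password and any keytab entries created from the old key to stop authenticating unless the server is configured to retain old keys.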



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.generate_random_key(principal)
 *
 * Generates and assigns a new random key to the named +principal+ and
 * returns the number of generated keys.
 */
static VALUE rkadm5_randkey_principal(VALUE self, VALUE v_user){

- (Object) get_policies(expr = nil)

Returns a list of policy names matching expr, or all policy names if expr is nil.

The valid characters for expr are '*', '?', '[]' and '\'. All other characters match themselves.

kadm5.get_policies          # => Get all policies
kadm5.get_policies('test*') # => Get all policies that start with 'test'


# File 'ext/krb5_auth/kadm5.c'

/* 
 * call-seq:
 *   kadm5.get_policies(expr = nil)
 *
 * Returns a list of policy names matching +expr+, or all policy names if
 * +expr+ is nil.
 *
 * The valid characters for +expr+ are '*', '?', '[]' and '\'. All other
 * characters match themselves.
 *
 *  kadm5.get_policies          # => Get all policies
 *  kadm5.get_policies('test*') # => Get all policies that start with 'test'
 */
static VALUE rkadm5_get_policies(int argc, VALUE* argv, VALUE self){

- (Object) get_policy(name)

Get and return a Policy object for name. If the name cannot be found, then an exception is raised.

This method is nearly identical to kadm5.find_policy, except that method returns nil if not found.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.get_policy(name)
 *
 * Get and return a Policy object for +name+. If the +name+ cannot be found,
 * then an exception is raised.
 *
 * This method is nearly identical to kadm5.find_policy, except that method
 * returns nil if not found.
 */
static VALUE rkadm5_get_policy(VALUE self, VALUE v_name){

- (Object) get_principal(principal_name)

Returns a Principal object for principal_name containing various bits of information regarding that principal, such as policy, attributes, expiration information, etc.

If the principal_name cannot be found then a PrincipalNotFoundException is raised.



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.get_principal(principal_name)
 *
 * Returns a Principal object for +principal_name+ containing various bits
 * of information regarding that principal, such as policy, attributes,
 * expiration information, etc.
 *
 * If the +principal_name+ cannot be found then a PrincipalNotFoundException
 * is raised.
 */
static VALUE rkadm5_get_principal(VALUE self, VALUE v_user){

- (Object) get_principals(expr = nil)

Returns a list of principals matching expr, or all principals if expr is nil.

The valid characters for expr are '*', '?', '[]' and '\'. All other characters match themselves.

Example:

kadm5.get_principals          # => Get all principals
kadm5.get_principals('test*') # => Get all principals that start with 'test'


# File 'ext/krb5_auth/kadm5.c'

/* 
 * call-seq:
 *   kadm5.get_principals(expr = nil)
 *
 * Returns a list of principals matching +expr+, or all principals if
 * +expr+ is nil.
 *
 * The valid characters for +expr+ are '*', '?', '[]' and '\'. All other
 * characters match themselves.
 *
 * Example:
 *
 *  kadm5.get_principals          # => Get all principals
 *  kadm5.get_principals('test*') # => Get all principals that start with 'test'
 */
static VALUE rkadm5_get_principals(int argc, VALUE* argv, VALUE self){

- (Object) get_privileges(:strings)

Returns a numeric bitmask indicating the caller's privileges. If the strings option is true, then an array of human-readable strings is returned instead.

The possible values, and their string equivalent, are:

KADM5_PRIV_GET    (0x01) => "GET"
KADM5_PRIV_ADD    (0x02) => "ADD"
KADM5_PRIV_MODIFY (0x04) => "MODIFY"
KADM5_PRIV_DELETE (0x08) => "DELETE"



# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.get_privileges(:strings => false)
 *
 * Returns a numeric bitmask indicating the caller's privileges. If the
 * +strings+ option is true, then an array of human readable strings are
 * returned instead.
 *
 * The possible values, and their string equivalent, are:
 *
 * KADM5_PRIV_GET    (0x01) => "GET"
 * KADM5_PRIV_ADD    (0x02) => "ADD"
 * KADM5_PRIV_MODIFY (0x04) => "MODIFY"
 * KADM5_PRIV_DELETE (0x08) => "DELETE"
 */
static VALUE rkadm5_get_privs(int argc, VALUE* argv, VALUE self){

- (Object) modify_policy(policy)

Modify an existing Kerberos policy using a policy object.

Example:

policy = Krb5Auth::Kadm5::Policy.find('test')
policy.max_length = 1024
kadm5.modify_policy(policy)


# File 'ext/krb5_auth/kadm5.c'

/*
 * call-seq:
 *   kadm5.modify_policy(policy)
 *
 * Modify an existing Kerberos policy using a +policy+ object.
 *
 * Example:
 *
 *   policy = Krb5Auth::Kadm5::Policy.find('test')
 *   policy.max_length = 1024
 *   kadm5.modify_policy(policy)
 */
static VALUE rkadm5_modify_policy(VALUE self, VALUE v_policy){

- (Object) set_password(user, password)

Set the password for user (i.e. the principal) to password.



# File 'ext/krb5_auth/kadm5.c'

/* call-seq:
 *   kadm5.set_password(user, password)
 *
 * Set the password for +user+ (i.e. the principal) to +password+.
 */
static VALUE rkadm5_set_password(VALUE self, VALUE v_user, VALUE v_pass){