Module: KerberosAuthenticator

Defined in:
lib/kerberos_authenticator.rb,
lib/kerberos_authenticator/krb5.rb,
lib/kerberos_authenticator/error.rb,
lib/kerberos_authenticator/krb5/creds.rb,
lib/kerberos_authenticator/krb5/error.rb,
lib/kerberos_authenticator/krb5/keytab.rb,
lib/kerberos_authenticator/krb5/context.rb,
lib/kerberos_authenticator/krb5/principal.rb,
lib/kerberos_authenticator/krb5/attach_function.rb

Defined Under Namespace

Modules: Krb5 Classes: Error, StandardError

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Attribute Details

#keytab_base64String

Returns the keytab to use when verifying the identity the KDC represented as a Base64 encoded string (overrides keytab_path).

Returns:

  • (String)

    the keytab to use when verifying the identity the KDC represented as a Base64 encoded string (overrides keytab_path)




# File 'lib/kerberos_authenticator.rb', line 43

#serverString

Returns the server principal name to use when verifying the identity the KDC.

Returns:

  • (String)

    the server principal name to use when verifying the identity the KDC




# File 'lib/kerberos_authenticator.rb', line 37

#serviceString

Returns the service principal name to request a ticket for when obtaining a user’s credentials.

Returns:

  • (String)

    the service principal name to request a ticket for when obtaining a user’s credentials




# File 'lib/kerberos_authenticator.rb', line 40

Class Method Details

.authenticate!(username, password) ⇒ TrueClass

Authenticates a user using their password.

Parameters:

  • username (String)

    a string representation of the user’s principal

  • password (String)

    the user’s password

Returns:

  • (TrueClass)

    always returns true if authentication succeeds without any error

Raises:

  • (Error)

    if Kerberos can’t understand the principal or contact any KDCs for the principal’s realm

  • (Error)

    if preauthentication fails (usually meaning that the user’s password was incorrect)

  • (Error)

    if the KDC cannot find the user

See Also:



26
27
28
29
30
31
32
33
34
35
 
# File 'lib/kerberos_authenticator.rb', line 26

def self.authenticate!(username, password)
  user = Krb5::Principal.new_with_name(username)
  creds = user.initial_creds_with_password(password, service)

  with_keytab do |kt|
    creds.verify!(server_princ, kt)
  end

  true
end

.keytab_base64Object 



72
73
74
 
# File 'lib/kerberos_authenticator.rb', line 72

def self.keytab_base64
  @keytab_base64
end

.keytab_base64=(v) ⇒ Object 



76
77
78
 
# File 'lib/kerberos_authenticator.rb', line 76

def self.keytab_base64=(v)
  @keytab_base64 = v
end

.keytab_pathObject 



80
81
82
 
# File 'lib/kerberos_authenticator.rb', line 80

def self.keytab_path
  @keytab_path
end

.keytab_path=(v) ⇒ Object 



84
85
86
 
# File 'lib/kerberos_authenticator.rb', line 84

def self.keytab_path=(v)
  @keytab_path = v
end

.krb5Krb5

Returns:



9
10
11
 
# File 'lib/kerberos_authenticator.rb', line 9

def self.krb5
  Krb5
end

.serverObject 



61
62
63
 
# File 'lib/kerberos_authenticator.rb', line 61

def self.server
  @server
end

.server=(v) ⇒ Object 



65
66
67
 
# File 'lib/kerberos_authenticator.rb', line 65

def self.server=(v)
  @server = v
end

.serviceObject 



51
52
53
 
# File 'lib/kerberos_authenticator.rb', line 51

def self.service
  @service
end

.service=(v) ⇒ Object 



55
56
57
 
# File 'lib/kerberos_authenticator.rb', line 55

def self.service=(v)
  @service = v
end

.setup {|_self| ... } ⇒ Object

Supports setting KerberosAuthenticator up using a block.

Yields:

  • (_self)

Yield Parameters:



14
15
16
 
# File 'lib/kerberos_authenticator.rb', line 14

def self.setup
  yield self
end