Module: KerberosAuthenticator

Defined in:

lib/kerberos_authenticator.rb,
lib/kerberos_authenticator/krb5.rb,
lib/kerberos_authenticator/error.rb,
lib/kerberos_authenticator/version.rb,
lib/kerberos_authenticator/krb5/creds.rb,
lib/kerberos_authenticator/krb5/error.rb,
lib/kerberos_authenticator/krb5/keytab.rb,
lib/kerberos_authenticator/krb5/context.rb,
lib/kerberos_authenticator/krb5/principal.rb,
lib/kerberos_authenticator/krb5/attach_function.rb

Defined Under Namespace

Modules: Krb5 Classes: Error, StandardError

Constant Summary

VERSION =

'0.0.6'

Class Attribute Summary

• .keytab_base64 ⇒ String

  The keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path).

• .keytab_path ⇒ String

  The path to the keytab to use when verifying the identity of the KDC.

• .server ⇒ String

  The server principal name to use when verifying the identity of the KDC.

• .service ⇒ String

  The service principal name to request a ticket for when obtaining a user’s credentials.

Class Method Summary

• .authenticate!(username, password) ⇒ TrueClass

  Authenticates a user using their password.

• .krb5 ⇒ Krb5

  A convenience method to access the Krb5 module when using the setup method.

• .setup {|_self| ... } ⇒ Object

  Supports setting KerberosAuthenticator up using a block.

Class Attribute Details

.keytab_base64 ⇒ String

Returns the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path).

Returns:

• the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path)

# File 'lib/kerberos_authenticator.rb', line 40

.keytab_path ⇒ String

Returns the path to the keytab to use when verifying the identity of the KDC.

Returns:

• the path to the keytab to use when verifying the identity of the KDC

# File 'lib/kerberos_authenticator.rb', line 44

.server ⇒ String

Returns the server principal name to use when verifying the identity of the KDC.

Returns:

• the server principal name to use when verifying the identity of the KDC

# File 'lib/kerberos_authenticator.rb', line 48

.service ⇒ String

Returns the service principal name to request a ticket for when obtaining a user’s credentials.

Returns:

• the service principal name to request a ticket for when obtaining a user’s credentials

# File 'lib/kerberos_authenticator.rb', line 52

Class Method Details

.authenticate!(username, password) ⇒ TrueClass

Authenticates a user using their password.

Parameters:

• a string representation of the user’s principal

• the user’s password

Returns:

• always returns true if authentication succeeds without any error

Raises:

• if Kerberos can’t understand the principal or contact any KDCs for the principal’s realm

• if preauthentication fails (usually meaning that the user’s password was incorrect)

• if the KDC cannot find the user

See Also:

• Initial credentials

# File 'lib/kerberos_authenticator.rb', line 29

def self.authenticate!(username, password)
  user = Krb5::Principal.new_with_name(username)
  creds = user.initial_creds_with_password(password, service)

  with_keytab do |kt|
    creds.verify!(server_princ, kt)
  end

  true
end

.krb5 ⇒ Krb5

A convenience method to access the Krb5 module when using the setup method.

Returns:

# File 'lib/kerberos_authenticator.rb', line 12

def self.krb5
  Krb5
end

.setup {|_self| ... } ⇒ Object

Supports setting KerberosAuthenticator up using a block.

Yields:

• (_self)

Yield Parameters:

• _self (KerberosAuthenticator) —

  the object that the method was called on

# File 'lib/kerberos_authenticator.rb', line 17

def self.setup
  yield self
end