Kadmin
Related Doc:
package kadmin
Creates policy using options.
Creates policy using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the parameters to pass to the kadmin add_policy operation.
See Add
Policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
the policy to create.
an Expect that creates policy.
Creates principal using options.
Creates principal using options. If principal already exists modifyPrincipal will be
invoked to make this operation idempotent (see the caveats bellow).
This operation is idempotent, that is, if this method is invoked twice for the same principal
it will be successful in both invocations. This means that this operation can be repeated or retried as
often as necessary without causing unintended effects. However there are some caveats: if principal already exists
and any of newPassword, randKey or keysalt is defined, then changePassword will be invoked
after the modifyPrincipal. Since changePassword is not always idempotent this method might also not be.
The password is not sent with the "-pw" option so it will not be exposed via the system process list.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the parameters to pass to the kadmin add_principal operation.
See Add
Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
the principal to create.
an Expect that creates principal.
Changes the principal password to newPassword or sets its key to a random value.
Changes the principal password to newPassword or sets its key to a random value. Optionally its salt to salt.
In some cases this operation might not be idempotent. For example: if the policy assigned to principal
does not allow the same password to be reused, the first time the password is changed it will be successful,
however on the second time it will fail with an ErrorCase PasswordIsBeingReused.
The password is not sent with the "-pw" option so it will not be exposed via the system process list.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the principal to change the password.
the new password
an Expect that changes principal password.
Checks if the password of principal is password.
Checks if the password of principal is password.
The check is performed by trying to obtain a ticket with kinit.
A ticket won't actually be generated since kinit is invoked with the crendentials cache set to /dev/null.
To obtain a ticket use the function obtainTicketGrantingTicket.
the principal to test the password.
the password to test.
an Expect that checks if the password of principal is password.
Creates a keytab for the given principal.
Creates a keytab for the given principal. The keytab can then be obtained with the obtainKeytab method.
This operation is NOT idempotent, since multiple invocations lead to the keytab file being appended with the same tickets but with different keys.
the options to pass to the ktadd command. These are not check for validity.
the principal for whom to create the keytab.
an Expect that creates the keytab for principal.
Deletes policy.
Deletes policy.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the policy to delete.
an Expect that deletes policy.
Deletes principal.
Deletes principal.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the principal to delete.
an Expect that deletes principal.
Creates an Expect that performs a kadmin operation f and then quits kadmin.
Creates an Expect that performs a kadmin operation f and then quits kadmin.
If the configuration password-authentication is set to true then the authentication is performed by
sending password and waiting for either an error message saying the password was incorrect or the kadmin prompt.
If the password was incorrect a Left(IncorrectPassword) will be returned.
the type for the Right of the Either returned by the Expect.
the kerberos administration operation to perform.
an Expect that performs the operation f and then quits kadmin.
doOperation { e =>
e.expect(KadminPrompt)
.sendln(s"getprinc fullPrincipal")
}
Sets the principal expiration date time to expirationDateTime.
Sets the principal expiration date time to expirationDateTime.
To expire the principal immediately:
expirePrincipal(principal)
To expire the principal 2 days from now:
expirePrincipal(principal, 2.days)To ensure a principal never expires:
expirePrincipal(principal, Never)
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the principal to expire.
the datetime to set as the principal expiration date. The timezone will be ignored.
an Expect that expires principal.
Set the password expiration date of principal to datetime (with some caveats, read below).
Set the password expiration date of principal to datetime (with some caveats, read below).
This method might not change the password expiration date time. This is due to the fact that principal might
have a policy that imposes a limit on how soon the password can expire and datetime comes sooner than that limit.
To guarantee that the date will actually change it is necessary to clear the principal policy. This can be
achieved by invoking this method with force set to true. If you do so, then it is your responsibility to
change, at a later time, the policy back to the intended one. However bear in mind that doing so might cause the
expiration date to revert back to the one defined by the policy.
WARNING when this method is invoked with force set to false and the password expiration date does not change
(due to the policy) getPasswordExpirationDate will return the original date (the one set by the policy).
However if the policy is cleared and getPasswordExpirationDate is invoked again, the obtained datetime
will be the one set by this method. This caveat comes from the kadmin utility and not from this library.
Due to its caveats this method SHOULD ONLY BE USED FOR DEBUGGING applications where the fact that the principal password is about to expire or has expired changes the behavior of the application.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the principal to set the password expiration date.
the datetime to set as the password expiration date. The timezone will be ignored.
whether or not to clear the principal policy. By default this is set to false.
an Expect that sets the password expiration date of principal to date.
The File for the principal keytab.
Performs a "get_policy $$policy" and parses the output to the domain class Policy.
Performs a "get_policy $$policy" and parses the output to the domain class Policy.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the policy name.
an Expect that returns the Policy.
Performs a "get_principal principal" and parses the output to the domain class Principal.
Performs a "get_principal principal" and parses the output to the domain class Principal.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the principal name.
an Expect that returns the Principal.
List all principals matching the glob expression.
List all principals matching the glob expression.
If expressionGlob is the empty String all principals will be listed.
the glob expression to pass to kadmin list_principals.
an Expect that returns the list of principals.
Modifies policy using options.
Modifies policy using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the parameters to pass to the kadmin modify_policy operation.
See Modify
policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
the principal to policy.
an Expect that modifies policy.
Modifies principal using options.
Modifies principal using options.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the parameters to pass to the kadmin modify_principal operation.
See Modify
Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
the principal to modify.
an Expect that modifies principal.
Obtains a keytab for the given principal.
Obtains a keytab for the given principal.
If the principal does not have a keytab or the keytab exists but it isn't readable by the current user a None
will be returned.
the principal to obtain the keytab.
Performs the operation f over the output returned by "get_policy $$policy".
Performs the operation f over the output returned by "get_policy $$policy".
This is useful to read the policy attributes.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
the type for the Right of the Either returned by the Expect.
the policy to get the attributes.
the operation to perform upon the policy attributes.
an Expect that lists the policy attributes, performs the operation f and then quits kadmin.
withPolicy(policy){ expectBlock =>
expectBlock.when("""Minimum password length: (\d+)\n""".r)
.returning{ m: Match =>
//m.group(1) will contain the minimum password length.
}
Performs the operation f over the output returned by "get_principal principal".
Performs the operation f over the output returned by "get_principal principal".
This is useful to read the principal attributes that are not included with getPrincipal.
Kadmin will be started with the doOperation method, that is, a password authentication
will performed as specified in the configuration.
Consider using the parseDateTime method if f is to parse a date time.
And parseDuration method if f is to parse a duration.
the type for the Right of the Either returned by the Expect.
the principal to get the attributes.
the operation to perform upon the principal attributes.
an Expect that lists the principal attributes, performs the operation f and then quits kadmin.
withPrincipal(principal){ expectBlock =>
expectBlock.when("""Maximum ticket life: ([^\n]+)\n""".r)
.returning{ m: Match =>
val maximumTicketLife = parseDuration(m.group(1))
}