class Kadmin extends LazyLogging
- Grouped
- Alphabetic
- By Inheritance
- Kadmin
- LazyLogging
- AnyRef
- Any
- by any2stringadd
- by StringFormat
- by Ensuring
- by ArrowAssoc
- Hide All
- Show All
- Public
- All
Instance Constructors
- new Kadmin(realm: String, principal: String, keytab: File)
- new Kadmin(realm: String, principal: String, keytab: File, command: String)
- new Kadmin(realm: String, principal: String, keytab: File, command: Seq[String])
- new Kadmin(realm: String, principal: String, password: String)
- new Kadmin(realm: String, principal: String, password: String, command: String)
- new Kadmin(realm: String, principal: String, password: String, command: Seq[String])
- new Kadmin(config: Config)
- new Kadmin(settings: Settings)
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
- def +(other: String): String
- def ->[B](y: B): (Kadmin, B)
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
addPolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]
Creates
policy
usingoptions
.Creates
policy
usingoptions
. The parameters toadd_policy
will be computed frompolicy
. All the parameters listed here will be used, except "allowedkeysalts", which will only be used if it is a Some.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- policy
the policy to create.
- returns
an Expect that creates
policy
.
-
def
addPolicy(options: String, policy: String): Expect[Either[ErrorCase, Unit]]
Creates
policy
usingoptions
.Creates
policy
usingoptions
. This method is more general than the one receiving aPolicy
, as it allows to specify only the pretended options, where as the one receiving aPolicy
will always use the same options.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- options
the parameters to pass to the kadmin
add_policy
operation. See Add Policy (MIT Kerberos) for a full list. The parameters are not checked for validity.- policy
the policy to create.
- returns
an Expect that creates
policy
.
-
def
addPrincipal(principal: Principal, password: Option[String], randKey: Boolean, keysalt: Option[KeySalt]): Expect[Either[ErrorCase, Unit]]
Creates
principal
usingoptions
.Creates
principal
usingoptions
. The parameters toadd_principal
will be computed fromprincipal
. Ifprincipal
already existsmodifyPrincipal
will be invoked to make this operation idempotent (see the caveats bellow).This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects. However there are some caveats: if
principal
already exists and any ofnewPassword
,randKey
orkeysalt
is defined, thenchangePassword
will be invoked after themodifyPrincipal
. SincechangePassword
is not always idempotent this method might also not be.The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to create.
- returns
an Expect that creates
principal
.
-
def
addPrincipal(options: String, principal: String, password: Option[String] = None, randKey: Boolean = false, keysalt: Option[KeySalt] = None): Expect[Either[ErrorCase, Unit]]
Creates
principal
usingoptions
.Creates
principal
usingoptions
. Ifprincipal
already existsmodifyPrincipal
will be invoked to make this operation idempotent (see the caveats bellow).This method is more general than the one receiving a
Principal
, as it allows to specify only the pretended options, where as the one receiving aPrincipal
will always use the same options.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects. However there are some caveats: if
principal
already exists and any ofnewPassword
,randKey
orkeysalt
is defined, thenchangePassword
will be invoked after themodifyPrincipal
. SincechangePassword
is not always idempotent this method might also not be.The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- options
the parameters to pass to the kadmin
add_principal
operation. See Add Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.- principal
the principal to create.
- returns
an Expect that creates
principal
.
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
changePassword(principal: String, newPassword: Option[String] = None, randKey: Boolean = false, keysalt: Option[KeySalt] = None): Expect[Either[ErrorCase, Unit]]
Changes the
principal
password tonewPassword
or sets its key to a random value.Changes the
principal
password tonewPassword
or sets its key to a random value. Optionally its salt tosalt
.In some cases this operation might not be idempotent. For example: if the policy assigned to
principal
does not allow the same password to be reused, the first time the password is changed it will be successful, however on the second time it will fail with an ErrorCasePasswordIsBeingReused
.The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to change the password.
- newPassword
the new password
- returns
an Expect that changes
principal
password.
-
def
checkPassword(principal: String, password: String): Expect[Either[ErrorCase, Unit]]
Checks if the password of
principal
ispassword
.Checks if the password of
principal
ispassword
.The check is performed by trying to obtain a ticket with kinit.
A ticket won't actually be generated since kinit is invoked with the crendentials cache set to /dev/null.
To obtain a ticket use the function
obtainTicketGrantingTicket
.- principal
the principal to test the password.
- password
the password to test.
- returns
an Expect that checks if the password of
principal
ispassword
.
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
def
createKeytab(options: String, principal: String): Expect[Either[ErrorCase, Unit]]
Creates a keytab for the given
principal
.Creates a keytab for the given
principal
. The keytab can then be obtained with theobtainKeytab
method.This operation is NOT idempotent, since multiple invocations lead to the keytab file being appended with the same tickets but with different keys.
- options
the options to pass to the ktadd command. These are not check for validity.
- principal
the principal for whom to create the keytab.
- returns
an Expect that creates the keytab for
principal
.
-
def
deletePolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]
Deletes
policy
.Deletes
policy
.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- policy
the policy to delete.
- returns
an Expect that deletes
policy
.
-
def
deletePolicy(policy: String): Expect[Either[ErrorCase, Unit]]
Deletes
policy
.Deletes
policy
.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- policy
the policy to delete.
- returns
an Expect that deletes
policy
.
-
def
deletePrincipal(principal: Principal): Expect[Either[ErrorCase, Unit]]
Deletes
principal
.Deletes
principal
.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to delete.
- returns
an Expect that deletes
principal
.
-
def
deletePrincipal(principal: String): Expect[Either[ErrorCase, Unit]]
Deletes
principal
.Deletes
principal
.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to delete.
- returns
an Expect that deletes
principal
.
-
def
doOperation[R](command: String)(f: (Expect[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]
Performs the kadmin
command
using a newly created expect where the authentication, either via password or keytab, has already been performed.Performs the kadmin
command
using a newly created expect where the authentication, either via password or keytab, has already been performed. The functionf
can then be used to describe the interactions needed to validate the performed command. Afterf
the kadmin is exited by sending it the "quit" command.A keytab authentication is preferred over a password authentication. In order for a password authentication to be performed the
keytab
setting must be an empty string. When performing a password authentication the password will not be exposed via the system process list nor it will be exposed in the logs.- R
the type for the Right of the Either returned by the Expect.
- command
the kerberos administration command to perform.
- f
aditional expect operations to perform after executing the command. This is usefull to validate the command, or to set the value returned by expect to a more meaningful type.
- returns
an Expect that performs the operation
f
and then quits kadmin.
doOperation(s"getprinc $$fullPrincipal") { e => e.expect("Principal not found") .returning(Left(NoSuchPrincipal)) }
Example: - def ensuring(cond: (Kadmin) ⇒ Boolean, msg: ⇒ Any): Kadmin
- def ensuring(cond: (Kadmin) ⇒ Boolean): Kadmin
- def ensuring(cond: Boolean, msg: ⇒ Any): Kadmin
- def ensuring(cond: Boolean): Kadmin
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
expirePrincipal(principal: String, expirationDateTime: ExpirationDateTime = DateTime.now()): Expect[Either[ErrorCase, Unit]]
Sets the
principal
expiration date time toexpirationDateTime
.Sets the
principal
expiration date time toexpirationDateTime
.To expire the principal immediately:
expirePrincipal(principal)
To expire the principal 2 days from now:
expirePrincipal(principal, 2.days)
To ensure a principal never expires:
expirePrincipal(principal, Never)
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to expire.
- expirationDateTime
the datetime to set as the principal expiration date. The timezone will be ignored.
- returns
an Expect that expires
principal
.
-
def
expirePrincipalPassword(principal: String, expirationDateTime: ExpirationDateTime = DateTime.now(), force: Boolean = false): Expect[Either[ErrorCase, Unit]]
Set the password expiration date of
principal
todatetime
with some caveats, read below.Set the password expiration date of
principal
todatetime
with some caveats, read below.This method might not change the password expiration date time. This is due to the fact that
principal
might have a policy that imposes a limit on how soon the password can expire anddatetime
comes sooner than that limit.To guarantee that the date will actually change it is necessary to clear the principal policy. This can be achieved by invoking this method with
force
set to true. If you do so, then it is your responsibility to change, at a later time, the policy back to the intended one. However bear in mind that doing so might cause the expiration date to revert back to the one defined by the policy.WARNING when this method is invoked with
force
set to false and the password expiration date does not change (due to the policy)getPasswordExpirationDate
will return the original date (the one set by the policy). However if the policy is cleared andgetPasswordExpirationDate
is invoked again, the obtained datetime will be the one set by this method. This caveat comes from the kadmin utility and not from this library.Due to its caveats this method SHOULD ONLY BE USED FOR DEBUGGING applications where the fact that the principal password is about to expire or has expired changes the behavior of the application.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to set the password expiration date.
- expirationDateTime
the datetime to set as the password expiration date. The timezone will be ignored.
- force
whether or not to clear the principal policy. By default this is set to false.
- returns
an Expect that sets the password expiration date of
principal
todate
.
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
- def formatted(fmtstr: String): String
-
def
fullPrincipalName(principal: String): String
- principal
the principal name to append the realm to.
- returns
The principal with the realm appended. Throws IllegalArgumentException if the principal contains an unknown realm aka one that is different from the one in
Settings
.
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
-
def
getKeytabFile(principal: String): File
- returns
The File for the
principal
keytab.
-
def
getPolicy(policy: String): Expect[Either[ErrorCase, Policy]]
Performs a "get_policy $$policy" and parses the output to the domain class
Policy
.Performs a "get_policy $$policy" and parses the output to the domain class
Policy
.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- policy
the policy name.
- returns
an Expect that returns the
Policy
.
-
def
getPrincipal(principal: String): Expect[Either[ErrorCase, Principal]]
Performs a "get_principal principal" and parses the output to the domain class
Principal
.Performs a "get_principal principal" and parses the output to the domain class
Principal
.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal name.
- returns
an Expect that returns the
Principal
.
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
def
listPolicies(expressionGlob: String): Expect[Either[ErrorCase, Seq[String]]]
List all policies matching the glob expression.
List all policies matching the glob expression.
If
expressionGlob
is the empty String all policies will be listed.- expressionGlob
the glob expression to pass to kadmin get_policies.
- returns
an Expect that returns the list of policies.
-
def
listPrincipals(expressionGlob: String): Expect[Either[ErrorCase, Seq[String]]]
List all principals matching the glob expression.
List all principals matching the glob expression.
If
expressionGlob
is the empty String all principals will be listed.- expressionGlob
the glob expression to pass to kadmin list_principals.
- returns
an Expect that returns the list of principals.
-
lazy val
logger: Logger
- Attributes
- protected
- Definition Classes
- LazyLogging
-
def
modifyPolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]
Modifies
policy
usingoptions
.Modifies
policy
usingoptions
. The parameters tomodify_policy
will be computed frompolicy
. All the parameters listed here will be used, except "allowedkeysalts", which will only be used if it is a Some.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- policy
the principal to policy.
- returns
an Expect that modifies
policy
.
-
def
modifyPolicy(options: String, policy: String): Expect[Either[ErrorCase, Unit]]
Modifies
policy
usingoptions
.Modifies
policy
usingoptions
. This method is more general than the one receiving aPolicy
, as it allows to specify only the pretended options, where as the one receiving aPolicy
will always use the same options.This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- options
the parameters to pass to the kadmin
modify_policy
operation. See Modify policy (MIT Kerberos) for a full list. The parameters are not checked for validity.- policy
the principal to policy.
- returns
an Expect that modifies
policy
.
-
def
modifyPrincipal(principal: Principal): Expect[Either[ErrorCase, Unit]]
Modifies
principal
usingoptions
.Modifies
principal
usingoptions
. The parameters tomodify_principal
will be computed fromprincipal
.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- principal
the principal to modify.
- returns
an Expect that modifies
principal
.
-
def
modifyPrincipal(options: String, principal: String): Expect[Either[ErrorCase, Unit]]
Modifies
principal
usingoptions
.Modifies
principal
usingoptions
. This method is more general than the one receiving aPrincipal
, as it allows to specify only the pretended options, where as the one receiving aPrincipal
will always use the same options.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- options
the parameters to pass to the kadmin
modify_principal
operation. See Modify Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.- principal
the principal to modify.
- returns
an Expect that modifies
principal
.
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
-
def
obtainKeytab(principal: String): Either[ErrorCase, Array[Byte]]
Obtains a keytab for the given
principal
.Obtains a keytab for the given
principal
. If the principal does not have a keytab or the keytab exists but it isn't readable by the current user a None will be returned.- principal
the principal to obtain the keytab.
- val settings: Settings
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
def
withPolicy[R](policy: String)(f: (ExpectBlock[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]
Performs the operation
f
over the output returned by "get_policy $$policy".Performs the operation
f
over the output returned by "get_policy $$policy". This is useful to read the policy attributes.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.- R
the type for the Right of the Either returned by the Expect.
- policy
the policy to get the attributes.
- f
the operation to perform upon the policy attributes.
- returns
an Expect that lists the
policy
attributes, performs the operationf
and then quits kadmin.
withPolicy(policy){ expectBlock => expectBlock.when("""Minimum password length: (\d+)\n""".r) .returning{ m: Match => //m.group(1) will contain the minimum password length. }
Example: -
def
withPrincipal[R](principal: String)(f: (ExpectBlock[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]
Performs the operation
f
over the output returned by "get_principal principal".Performs the operation
f
over the output returned by "get_principal principal". This is useful to read the principal attributes that are not included withgetPrincipal
.Kadmin will be started with the
doOperation
method, that is, a password authentication will performed as specified in the configuration.Consider using the
parseDateTime
method iff
is to parse a date time. AndparseDuration
method iff
is to parse a duration.- R
the type for the Right of the Either returned by the Expect.
- principal
the principal to get the attributes.
- f
the operation to perform upon the principal attributes.
- returns
an Expect that lists the
principal
attributes, performs the operationf
and then quits kadmin.
withPrincipal(principal){ expectBlock => expectBlock.when("""Maximum ticket life: ([^\n]+)\n""".r) .returning{ m: Match => val maximumTicketLife = parseDuration(m.group(1)) }
Example: - def →[B](y: B): (Kadmin, B)