final def !=(arg0: Any): Boolean

Definition Classes: AnyRef → Any

final def ##(): Int

Definition Classes: AnyRef → Any

def +(other: String): String

Implicit: This member is added by an implicit conversion from Kadmin to any2stringadd[Kadmin] performed by method any2stringadd in scala.Predef.
Definition Classes: any2stringadd

def ->[B](y: B): (Kadmin, B)

Implicit: This member is added by an implicit conversion from Kadmin to ArrowAssoc[Kadmin] performed by method ArrowAssoc in scala.Predef.
Definition Classes: ArrowAssoc
Annotations: @inline()

final def ==(arg0: Any): Boolean

Definition Classes: AnyRef → Any

def addPolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]

Creates policy using options.

Creates policy using options. The parameters to add_policy will be computed from policy. All the parameters listed here will be used, except "allowedkeysalts", which will only be used if it is a Some.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

policy: the policy to create.
returns: an Expect that creates policy.

def addPolicy(options: String, policy: String): Expect[Either[ErrorCase, Unit]]

Creates policy using options.

Creates policy using options. This method is more general than the one receiving a Policy, as it allows to specify only the pretended options, where as the one receiving a Policy will always use the same options.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

options: the parameters to pass to the kadmin add_policy operation. See Add Policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
policy: the policy to create.
returns: an Expect that creates policy.

def addPrincipal(principal: Principal, password: Option[String], randKey: Boolean, keysalt: Option[KeySalt]): Expect[Either[ErrorCase, Unit]]

Creates principal using options.

Creates principal using options. The parameters to add_principal will be computed from principal. If principal already exists modifyPrincipal will be invoked to make this operation idempotent (see the caveats bellow).

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects. However there are some caveats: if principal already exists and any of newPassword, randKey or keysalt is defined, then changePassword will be invoked after the modifyPrincipal. Since changePassword is not always idempotent this method might also not be.

The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to create.
returns: an Expect that creates principal.

def addPrincipal(options: String, principal: String, password: Option[String] = None, randKey: Boolean = false, keysalt: Option[KeySalt] = None): Expect[Either[ErrorCase, Unit]]

Creates principal using options.

Creates principal using options. If principal already exists modifyPrincipal will be invoked to make this operation idempotent (see the caveats bellow).

This method is more general than the one receiving a Principal, as it allows to specify only the pretended options, where as the one receiving a Principal will always use the same options.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects. However there are some caveats: if principal already exists and any of newPassword, randKey or keysalt is defined, then changePassword will be invoked after the modifyPrincipal. Since changePassword is not always idempotent this method might also not be.

The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

options: the parameters to pass to the kadmin add_principal operation. See Add Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
principal: the principal to create.
returns: an Expect that creates principal.

final def asInstanceOf[T0]: T0

Definition Classes: Any

def changePassword(principal: String, newPassword: Option[String] = None, randKey: Boolean = false, keysalt: Option[KeySalt] = None): Expect[Either[ErrorCase, Unit]]

Changes the principal password to newPassword or sets its key to a random value.

Changes the principal password to newPassword or sets its key to a random value. Optionally its salt to salt.

In some cases this operation might not be idempotent. For example: if the policy assigned to principal does not allow the same password to be reused, the first time the password is changed it will be successful, however on the second time it will fail with an ErrorCase PasswordIsBeingReused.

The password is not sent with the "-pw" option so it will not be exposed via the system process list. Nor it will be exposed via the logs.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to change the password.
newPassword: the new password
returns: an Expect that changes principal password.

def checkPassword(principal: String, password: String): Expect[Either[ErrorCase, Unit]]

Checks if the password of principal is password.

The check is performed by trying to obtain a ticket with kinit.

A ticket won't actually be generated since kinit is invoked with the crendentials cache set to /dev/null.

To obtain a ticket use the function obtainTicketGrantingTicket.

principal: the principal to test the password.
password: the password to test.
returns: an Expect that checks if the password of principal is password.

def clone(): AnyRef

Attributes: protected[java.lang]
Definition Classes: AnyRef
Annotations: @throws( ... )

def createKeytab(options: String, principal: String): Expect[Either[ErrorCase, Unit]]

Creates a keytab for the given principal.

Creates a keytab for the given principal. The keytab can then be obtained with the obtainKeytab method.

This operation is NOT idempotent, since multiple invocations lead to the keytab file being appended with the same tickets but with different keys.

options: the options to pass to the ktadd command. These are not check for validity.
principal: the principal for whom to create the keytab.
returns: an Expect that creates the keytab for principal.

def deletePolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]

Deletes policy.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

policy: the policy to delete.
returns: an Expect that deletes policy.

def deletePolicy(policy: String): Expect[Either[ErrorCase, Unit]]

Deletes policy.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

policy: the policy to delete.
returns: an Expect that deletes policy.

def deletePrincipal(principal: Principal): Expect[Either[ErrorCase, Unit]]

Deletes principal.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to delete.
returns: an Expect that deletes principal.

def deletePrincipal(principal: String): Expect[Either[ErrorCase, Unit]]

Deletes principal.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to delete.
returns: an Expect that deletes principal.

def doOperation[R](command: String)(f: (Expect[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]

Performs the kadmin command using a newly created expect where the authentication, either via password or keytab, has already been performed.

Performs the kadmin command using a newly created expect where the authentication, either via password or keytab, has already been performed. The function f can then be used to describe the interactions needed to validate the performed command. After f the kadmin is exited by sending it the "quit" command.

A keytab authentication is preferred over a password authentication. In order for a password authentication to be performed the keytab setting must be an empty string. When performing a password authentication the password will not be exposed via the system process list nor it will be exposed in the logs.

R: the type for the Right of the Either returned by the Expect.
command: the kerberos administration command to perform.
f: aditional expect operations to perform after executing the command. This is usefull to validate the command, or to set the value returned by expect to a more meaningful type.
returns: an Expect that performs the operation f and then quits kadmin.

Example:

doOperation(s"getprinc $$fullPrincipal") { e =>
  e.expect("Principal not found")
    .returning(Left(NoSuchPrincipal))
}

def ensuring(cond: (Kadmin) ⇒ Boolean, msg: ⇒ Any): Kadmin

Implicit: This member is added by an implicit conversion from Kadmin to Ensuring[Kadmin] performed by method Ensuring in scala.Predef.
Definition Classes: Ensuring

def ensuring(cond: (Kadmin) ⇒ Boolean): Kadmin

Implicit: This member is added by an implicit conversion from Kadmin to Ensuring[Kadmin] performed by method Ensuring in scala.Predef.
Definition Classes: Ensuring

def ensuring(cond: Boolean, msg: ⇒ Any): Kadmin

Implicit: This member is added by an implicit conversion from Kadmin to Ensuring[Kadmin] performed by method Ensuring in scala.Predef.
Definition Classes: Ensuring

def ensuring(cond: Boolean): Kadmin

Implicit: This member is added by an implicit conversion from Kadmin to Ensuring[Kadmin] performed by method Ensuring in scala.Predef.
Definition Classes: Ensuring

final def eq(arg0: AnyRef): Boolean

Definition Classes: AnyRef

def equals(arg0: Any): Boolean

Definition Classes: AnyRef → Any

def expirePrincipal(principal: String, expirationDateTime: ExpirationDateTime = DateTime.now()): Expect[Either[ErrorCase, Unit]]

Sets the principal expiration date time to expirationDateTime.

To expire the principal immediately:

expirePrincipal(principal)

To expire the principal 2 days from now:

expirePrincipal(principal, 2.days)

To ensure a principal never expires:

expirePrincipal(principal, Never)

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to expire.
expirationDateTime: the datetime to set as the principal expiration date. The timezone will be ignored.
returns: an Expect that expires principal.

def expirePrincipalPassword(principal: String, expirationDateTime: ExpirationDateTime = DateTime.now(), force: Boolean = false): Expect[Either[ErrorCase, Unit]]

Set the password expiration date of principal to datetime with some caveats, read below.

This method might not change the password expiration date time. This is due to the fact that principal might have a policy that imposes a limit on how soon the password can expire and datetime comes sooner than that limit.

To guarantee that the date will actually change it is necessary to clear the principal policy. This can be achieved by invoking this method with force set to true. If you do so, then it is your responsibility to change, at a later time, the policy back to the intended one. However bear in mind that doing so might cause the expiration date to revert back to the one defined by the policy.

WARNING when this method is invoked with force set to false and the password expiration date does not change (due to the policy) getPasswordExpirationDate will return the original date (the one set by the policy). However if the policy is cleared and getPasswordExpirationDate is invoked again, the obtained datetime will be the one set by this method. This caveat comes from the kadmin utility and not from this library.

Due to its caveats this method SHOULD ONLY BE USED FOR DEBUGGING applications where the fact that the principal password is about to expire or has expired changes the behavior of the application.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to set the password expiration date.
expirationDateTime: the datetime to set as the password expiration date. The timezone will be ignored.
force: whether or not to clear the principal policy. By default this is set to false.
returns: an Expect that sets the password expiration date of principal to date.

def finalize(): Unit

Attributes: protected[java.lang]
Definition Classes: AnyRef
Annotations: @throws( classOf[java.lang.Throwable] )

def formatted(fmtstr: String): String

Implicit: This member is added by an implicit conversion from Kadmin to StringFormat[Kadmin] performed by method StringFormat in scala.Predef.
Definition Classes: StringFormat
Annotations: @inline()

def fullPrincipalName(principal: String): String

principal: the principal name to append the realm to.
returns: The principal with the realm appended. Throws IllegalArgumentException if the principal contains an unknown realm aka one that is different from the one in Settings.

final def getClass(): Class[_]

Definition Classes: AnyRef → Any

def getKeytabFile(principal: String): File

returns: The File for the principal keytab.

def getPolicy(policy: String): Expect[Either[ErrorCase, Policy]]

Performs a "get_policy $$policy" and parses the output to the domain class Policy.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

policy: the policy name.
returns: an Expect that returns the Policy.

def getPrincipal(principal: String): Expect[Either[ErrorCase, Principal]]

Performs a "get_principal principal" and parses the output to the domain class Principal.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal name.
returns: an Expect that returns the Principal.

def hashCode(): Int

Definition Classes: AnyRef → Any

final def isInstanceOf[T0]: Boolean

Definition Classes: Any

def listPolicies(expressionGlob: String): Expect[Either[ErrorCase, Seq[String]]]

List all policies matching the glob expression.

If expressionGlob is the empty String all policies will be listed.

expressionGlob: the glob expression to pass to kadmin get_policies.
returns: an Expect that returns the list of policies.

def listPrincipals(expressionGlob: String): Expect[Either[ErrorCase, Seq[String]]]

List all principals matching the glob expression.

If expressionGlob is the empty String all principals will be listed.

expressionGlob: the glob expression to pass to kadmin list_principals.
returns: an Expect that returns the list of principals.

lazy val logger: Logger

Attributes: protected
Definition Classes: LazyLogging

def modifyPolicy(policy: Policy): Expect[Either[ErrorCase, Unit]]

Modifies policy using options.

Modifies policy using options. The parameters to modify_policy will be computed from policy. All the parameters listed here will be used, except "allowedkeysalts", which will only be used if it is a Some.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

policy: the principal to policy.
returns: an Expect that modifies policy.

def modifyPolicy(options: String, policy: String): Expect[Either[ErrorCase, Unit]]

Modifies policy using options.

Modifies policy using options. This method is more general than the one receiving a Policy, as it allows to specify only the pretended options, where as the one receiving a Policy will always use the same options.

This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

options: the parameters to pass to the kadmin modify_policy operation. See Modify policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
policy: the principal to policy.
returns: an Expect that modifies policy.

def modifyPrincipal(principal: Principal): Expect[Either[ErrorCase, Unit]]

Modifies principal using options.

Modifies principal using options. The parameters to modify_principal will be computed from principal.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

principal: the principal to modify.
returns: an Expect that modifies principal.

def modifyPrincipal(options: String, principal: String): Expect[Either[ErrorCase, Unit]]

Modifies principal using options.

Modifies principal using options. This method is more general than the one receiving a Principal, as it allows to specify only the pretended options, where as the one receiving a Principal will always use the same options.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

options: the parameters to pass to the kadmin modify_principal operation. See Modify Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
principal: the principal to modify.
returns: an Expect that modifies principal.

final def ne(arg0: AnyRef): Boolean

Definition Classes: AnyRef

final def notify(): Unit

Definition Classes: AnyRef

final def notifyAll(): Unit

Definition Classes: AnyRef

def obtainKeytab(principal: String): Either[ErrorCase, Array[Byte]]

Obtains a keytab for the given principal.

Obtains a keytab for the given principal. If the principal does not have a keytab or the keytab exists but it isn't readable by the current user a None will be returned.

principal: the principal to obtain the keytab.

val settings: Settings

final def synchronized[T0](arg0: ⇒ T0): T0

Definition Classes: AnyRef

def toString(): String

Definition Classes: AnyRef → Any

final def wait(): Unit

Definition Classes: AnyRef
Annotations: @throws( ... )

final def wait(arg0: Long, arg1: Int): Unit

Definition Classes: AnyRef
Annotations: @throws( ... )

final def wait(arg0: Long): Unit

Definition Classes: AnyRef
Annotations: @throws( ... )

def withPolicy[R](policy: String)(f: (ExpectBlock[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]

Performs the operation f over the output returned by "get_policy $$policy".

Performs the operation f over the output returned by "get_policy $$policy". This is useful to read the policy attributes.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

R: the type for the Right of the Either returned by the Expect.
policy: the policy to get the attributes.
f: the operation to perform upon the policy attributes.
returns: an Expect that lists the policy attributes, performs the operation f and then quits kadmin.

Example:

withPolicy(policy){ expectBlock =>
  expectBlock.when("""Minimum password length: (\d+)\n""".r)
    .returning{ m: Match =>
      //m.group(1) will contain the minimum password length.
    }

def withPrincipal[R](principal: String)(f: (ExpectBlock[Either[ErrorCase, R]]) ⇒ Unit): Expect[Either[ErrorCase, R]]

Performs the operation f over the output returned by "get_principal principal".

Performs the operation f over the output returned by "get_principal principal". This is useful to read the principal attributes that are not included with getPrincipal.

Kadmin will be started with the doOperation method, that is, a password authentication will performed as specified in the configuration.

Consider using the parseDateTime method if f is to parse a date time. And parseDuration method if f is to parse a duration.

R: the type for the Right of the Either returned by the Expect.
principal: the principal to get the attributes.
f: the operation to perform upon the principal attributes.
returns: an Expect that lists the principal attributes, performs the operation f and then quits kadmin.

Example:

withPrincipal(principal){ expectBlock =>
  expectBlock.when("""Maximum ticket life: ([^\n]+)\n""".r)
    .returning{ m: Match =>
      val maximumTicketLife = parseDuration(m.group(1))
    }

def →[B](y: B): (Kadmin, B)

Implicit: This member is added by an implicit conversion from Kadmin to ArrowAssoc[Kadmin] performed by method ArrowAssoc in scala.Predef.
Definition Classes: ArrowAssoc

Packages

Kadmin

class Kadmin extends LazyLogging

Instance Constructors

Value Members

Inherited from LazyLogging

Inherited from AnyRef

Inherited from Any

Inherited by implicit conversion any2stringadd from Kadmin to any2stringadd[Kadmin]

Inherited by implicit conversion StringFormat from Kadmin to StringFormat[Kadmin]

Inherited by implicit conversion Ensuring from Kadmin to Ensuring[Kadmin]

Inherited by implicit conversion ArrowAssoc from Kadmin to ArrowAssoc[Kadmin]

Generic Operations

Keytab Operations

Policy Operations

Principal Operations

Ungrouped

Packages

Kadmin 

class Kadmin extends LazyLogging

Instance Constructors

Value Members

Inherited from LazyLogging

Inherited from AnyRef

Inherited from Any

Inherited by implicit conversion any2stringadd from Kadmin to any2stringadd[Kadmin]

Inherited by implicit conversion StringFormat from Kadmin to StringFormat[Kadmin]

Inherited by implicit conversion Ensuring from Kadmin to Ensuring[Kadmin]

Inherited by implicit conversion ArrowAssoc from Kadmin to ArrowAssoc[Kadmin]

Generic Operations

Keytab Operations

Policy Operations

Principal Operations

Ungrouped

Kadmin