Creates policy using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the parameters to pass to the kadmin add_policy operation. See Add Policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
the policy to create.
an Expect that creates policy.
Creates principal using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects, except if options contains any of:
-randkey
-pw password
-e enc:salt
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the parameters to pass to the kadmin add_principal operation. See Add Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
the principal to create.
an Expect that creates principal.
Changes the principal password to newPassword and/or sets its key to a random value and/or sets its salt to salt.
In some cases this operation might not be idempotent. For example: if the policy assigned to principal does not allow the same password to be reused, the first time the password is changed it will be successful; however, the second time it will fail with an ErrorCase PasswordIsBeingReused.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the principal to change the password.
the new password
an Expect that changes principal password.
Checks if the password of principal is password.
The check is performed by trying to obtain a ticket with kinit.
A ticket won't actually be generated since kinit is invoked with the credentials cache set to /dev/null.
To obtain a ticket use the function obtainTicketGrantingTicket.
the principal to test the password.
the password to test.
an Expect that checks if the password of principal is password.
Creates a keytab for the given principal. The keytab can then be obtained with the obtainKeytab method.
This operation is NOT idempotent, since multiple invocations lead to the keytab file being appended with the same tickets but with different keys.
the principal for whom to create the keytab.
an Expect that creates the keytab for principal.
Deletes policy.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the policy to delete.
an Expect that deletes policy.
Deletes principal.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the principal to delete.
an Expect that deletes principal.
Creates an Expect that performs a kadmin operation f and then quits kadmin.
If the configuration perform-authentication is set to true then access to kadmin will be authenticated. Otherwise it will be unauthenticated.
the type for the Right of the Either returned by the Expect.
the kerberos administration operation to perform.
an Expect that performs the operation f and then quits kadmin.
  doOperation { e =>
    e.expect(KadminPrompt)
      .sendln(s"getprinc fullPrincipal")
  }
Sets the principal expiration date time to expirationDateTime.
To expire the principal immediately:
expirePrincipal(principal)
To expire the principal 2 days from now:
expirePrincipal(principal, 2.days)
To ensure a principal never expires:
expirePrincipal(principal, Never)
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the principal to expire.
the datetime to set as the principal expiration date. The timezone will be ignored.
an Expect that expires principal.
Sets the password expiration date of principal to datetime (with some caveats, read below).
This method might not change the password expiration date time. This is due to the fact that principal might have a policy that imposes a limit on how soon the password can expire and datetime comes sooner than that limit.
To guarantee that the date will actually change it is necessary to clear the principal policy. This can be achieved by invoking this method with force set to true. If you do so, then it is your responsibility to change, at a later time, the policy back to the intended one. However, bear in mind that doing so might cause the expiration date to revert back to the one defined by the policy.
WARNING: when this method is invoked with force set to false and the password expiration date does not change (due to the policy), getPasswordExpirationDate will return the original date (the one set by the policy). However, if the policy is cleared and getPasswordExpirationDate is invoked again, the obtained datetime will be the one set by this method. This caveat comes from the kadmin utility and not from this library.
Due to its caveats this method SHOULD ONLY BE USED FOR DEBUGGING applications where the fact that the principal password is about to expire or has expired changes the behavior of the application.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the principal to set the password expiration date.
the datetime to set as the password expiration date. The timezone will be ignored.
whether or not to clear the principal policy. By default this is set to false.
an Expect that sets the password expiration date of principal to date.
The File for the principal keytab.
Performs a "get_policy $$policy" and parses the output to the domain class Policy.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the policy name.
an Expect that returns the Policy.
Performs a "get_principal principal" and parses the output to the domain class Principal.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the principal name.
an Expect that returns the Principal.
Modifies policy using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the parameters to pass to the kadmin modify_policy operation. See Modify policy (MIT Kerberos) for a full list. The parameters are not checked for validity.
the policy to modify.
an Expect that modifies policy.
Modifies principal using options.
This operation is idempotent, that is, if this method is invoked twice for the same principal it will be successful in both invocations. This means that this operation can be repeated or retried as often as necessary without causing unintended effects, except if options contains any of:
-randkey
-pw password
-e enc:salt
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the parameters to pass to the kadmin modify_principal operation. See Modify Principal (MIT Kerberos) for a full list. The parameters are not checked for validity.
the principal to modify.
an Expect that modifies principal.
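The retry caveat stated for creating and modifying principals (idempotent unless options contains -randkey, -pw or -e) can be enforced before any retry loop. This is an added example, not code from the library or the original page; RetryGuard, isRetrySafe, run and the stand-in operation are hypothetical names.

```scala
object RetryGuard {
  // Flags the page lists as breaking idempotency for creating/modifying a principal.
  private val NonIdempotentFlags = Set("-randkey", "-pw", "-e")

  // True when no whitespace-separated token of `options` is one of the listed flags.
  // Conservative on purpose: a quoted value that equals a flag also counts as unsafe.
  def isRetrySafe(options: String): Boolean =
    !options.trim.split("\\s+").exists(NonIdempotentFlags.contains)

  // Runs `op` until it returns Right: at most `maxAttempts` times when the
  // options are retry-safe, and exactly once otherwise.
  def run[A](options: String, maxAttempts: Int)(op: String => Either[String, A]): Either[String, A] = {
    val attempts = if (isRetrySafe(options)) math.max(1, maxAttempts) else 1
    var result = op(options)
    var used = 1
    while (result.isLeft && used < attempts) {
      result = op(options)
      used += 1
    }
    result
  }

  def main(args: Array[String]): Unit = {
    var calls = 0
    // Hypothetical stand-in for the real kadmin call: fails twice, then succeeds.
    val flaky: String => Either[String, Int] = _ => {
      calls += 1
      if (calls < 3) Left("timeout") else Right(calls)
    }
    // Constructed option strings: the first is retried, the second is attempted once.
    println(run("-policy users -maxlife 1day", 5)(flaky))
    calls = 0
    println(run("-policy users -randkey", 5)(flaky))
  }
}
```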
Obtains a keytab for the given principal.
If the principal does not have a keytab, or the keytab exists but isn't readable by the current user, a None will be returned.
the principal to obtain the keytab.
Obtains a ticket granting ticket for authenticatingPrincipal using authenticatingPrincipalPassword as the password.
If the intended use case is to check whether the principal password is the correct one, then the function checkPassword is more suited to that effect.
The ticket will be obtained on the machine that invokes this code.
Either an ErrorCase or a date time of when the obtained ticket must be renewed.
Creates an Expect that performs an authenticated kadmin operation f and then quits kadmin.
Kadmin is started using the command-with-authentication configuration value.
The authentication is performed by sending authenticatingPrincipalPassword and waiting for either an error message saying the password was incorrect or the kadmin prompt. If the password was incorrect Expect will return a Left(IncorrectPassword).
If no authentication is required use withoutAuthentication instead.
the type for the Right of the Either returned by the Expect.
the kerberos administration operation to perform.
an Expect that performs the authentication, the operation f and then quits kadmin.
  withAuthentication { e =>
    e.expect(KadminPrompt)
      .sendln(s"getprinc fullPrincipal")
  }
Performs the operation f over the output returned by "get_policy $$policy".
This is useful to read the policy attributes.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
the type for the Right of the Either returned by the Expect.
the policy to get the attributes.
the operation to perform upon the policy attributes.
an Expect that lists the policy attributes, performs the operation f and then quits kadmin.
  withPolicy(policy) { expectBlock =>
    expectBlock.when("""Minimum password length: (\d+)\n""".r)
      .returning { m: Match =>
        // m.group(1) will contain the minimum password length.
      }
  }
Performs the operation f over the output returned by "get_principal principal".
This is useful to read the principal attributes that are not included with getPrincipal.
Kadmin will be started with the doOperation method, that is, it will perform authentication as specified in the configuration.
Consider using the parseDateTime method if f is to parse a date time, and the parseDuration method if f is to parse a duration.
the type for the Right of the Either returned by the Expect.
the principal to get the attributes.
the operation to perform upon the principal attributes.
an Expect that lists the principal attributes, performs the operation f and then quits kadmin.
  withPrincipal(principal) { expectBlock =>
    expectBlock.when("""Maximum ticket life: ([^\n]+)\n""".r)
      .returning { m: Match =>
        val maximumTicketLife = parseDuration(m.group(1))
      }
  }
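The same regex-over-kadmin-output approach can drive an audit of a principal's attributes. This is an added example using only the Scala standard library, not code from the library or the original page; the sample output is constructed, its "Name: value" layout and "<d> days hh:mm:ss" durations are assumed to match MIT kadmin's get_principal output, and PrincipalAudit, its methods and the 1-day baseline are hypothetical.

```scala
import scala.concurrent.duration._

object PrincipalAudit {
  // Constructed sample of "get_principal" output (not captured from a real KDC).
  val sample: String =
    """Principal: svc-backup@EXAMPLE.COM
      |Expiration date: [never]
      |Password expiration date: [never]
      |Maximum ticket life: 7 days 00:00:00
      |Maximum renewable life: 30 days 00:00:00
      |Failed password attempts: 0
      |Policy: [none]
      |""".stripMargin

  private val Field = """(?m)^([^:\n]+): *(.*)$""".r
  private val Dur   = """(\d+) days? (\d{2}):(\d{2}):(\d{2})""".r

  // Splits "Name: value" lines into a map; lines without a colon are ignored.
  def fields(output: String): Map[String, String] =
    Field.findAllMatchIn(output).map(m => m.group(1).trim -> m.group(2).trim).toMap

  // Parses the "<d> day(s) hh:mm:ss" form; None for any other form.
  def duration(text: String): Option[FiniteDuration] = text match {
    case Dur(d, h, m, s) =>
      Some(d.toLong.days + h.toLong.hours + m.toLong.minutes + s.toLong.seconds)
    case _ => None
  }

  // One finding per attribute that deviates from the (hypothetical) baseline.
  def audit(output: String, maxLife: FiniteDuration = 1.day): Seq[String] = {
    val f    = fields(output)
    val life = f.get("Maximum ticket life").flatMap(duration)
    Seq(
      life.collect { case l if l > maxLife => s"ticket life $l exceeds $maxLife" },
      if (life.isEmpty) Some("ticket life missing or unparseable") else None,
      f.get("Policy").filter(_ == "[none]").map(_ => "no password policy assigned"),
      f.get("Password expiration date").filter(_ == "[never]").map(_ => "password never expires")
    ).flatten
  }

  def main(args: Array[String]): Unit = audit(sample).foreach(println)
}
```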
Creates an Expect that performs a kadmin operation f and then quits kadmin.
Kadmin is started using the command-without-authentication configuration value. It is assumed that this command starts kadmin in a way that requires no authentication (such as using kadmin.local on the master KDC).
If authentication is required use withAuthentication instead.
the type for the Right of the Either returned by the Expect.
the kerberos administration operation to perform.
an Expect that performs the operation f and then quits kadmin.
  withoutAuthentication { e =>
    e.expect(KadminPrompt)
      .sendln(s"getprinc fullPrincipal")
  }