Class: Krb5Auth::Krb5

Inherits:
Object
  • Object
Defined in:
ext/krb5_auth/krb5_auth.c

Defined Under Namespace

Classes: Exception

Constant Summary

VERSION =

The version of the custom krb5_auth library

rb_str_new2("0.9.0")
ENCTYPE_NULL =

None

INT2FIX(ENCTYPE_NULL)
ENCTYPE_DES_CBC_CRC =

DES cbc mode with CRC-32

INT2FIX(ENCTYPE_DES_CBC_CRC)
ENCTYPE_DES_CBC_MD4 =

DES cbc mode with RSA-MD4

INT2FIX(ENCTYPE_DES_CBC_MD4)
ENCTYPE_DES_CBC_MD5 =

DES cbc mode with RSA-MD5

INT2FIX(ENCTYPE_DES_CBC_MD5)
ENCTYPE_DES_CBC_RAW =

DES cbc mode raw

INT2FIX(ENCTYPE_DES_CBC_RAW)
ENCTYPE_DES3_CBC_SHA =

DES-3 cbc mode with NIST-SHA

INT2FIX(ENCTYPE_DES3_CBC_SHA)
ENCTYPE_DES3_CBC_RAW =

DES-3 cbc mode raw

INT2FIX(ENCTYPE_DES3_CBC_RAW)
ENCTYPE_DES_HMAC_SHA1 =

HMAC SHA1

INT2FIX(ENCTYPE_DES_HMAC_SHA1)
ENCTYPE_DSA_SHA1_CMS =

DSA with SHA1, CMS signature

INT2FIX(ENCTYPE_DSA_SHA1_CMS)
ENCTYPE_MD5_RSA_CMS =

MD5 with RSA, CMS signature

INT2FIX(ENCTYPE_MD5_RSA_CMS)
ENCTYPE_SHA1_RSA_CMS =

SHA1 with RSA, CMS signature

INT2FIX(ENCTYPE_SHA1_RSA_CMS)
ENCTYPE_RC2_CBC_ENV =

RC2 cbc mode, CMS enveloped data

INT2FIX(ENCTYPE_RC2_CBC_ENV)
ENCTYPE_RSA_ENV =

RSA encryption, CMS enveloped data

INT2FIX(ENCTYPE_RSA_ENV)
ENCTYPE_RSA_ES_OAEP_ENV =

RSA w/OAEP encryption, CMS enveloped data

INT2FIX(ENCTYPE_RSA_ES_OAEP_ENV)
ENCTYPE_DES3_CBC_ENV =

DES-3 cbc mode, CMS enveloped data

INT2FIX(ENCTYPE_DES3_CBC_ENV)
ENCTYPE_DES3_CBC_SHA1 =

DES3 CBC SHA1

INT2FIX(ENCTYPE_DES3_CBC_SHA1)
ENCTYPE_AES128_CTS_HMAC_SHA1_96 =

AES128 CTS HMAC SHA1 96

INT2FIX(ENCTYPE_AES128_CTS_HMAC_SHA1_96)
ENCTYPE_AES256_CTS_HMAC_SHA1_96 =

AES256 CTS HMAC SHA1 96

INT2FIX(ENCTYPE_AES256_CTS_HMAC_SHA1_96)
ENCTYPE_ARCFOUR_HMAC =

ARCFOUR HMAC

INT2FIX(ENCTYPE_ARCFOUR_HMAC)
ENCTYPE_ARCFOUR_HMAC_EXP =

ARCFOUR HMAC EXP

INT2FIX(ENCTYPE_ARCFOUR_HMAC_EXP)
ENCTYPE_UNKNOWN =

Unknown

INT2FIX(ENCTYPE_UNKNOWN)


Constructor Details

- (Object) Krb5Auth::Krb5.new

Creates and returns a new Krb5Auth::Krb5 object. This initializes the context for future method calls on that object.



# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   Krb5Auth::Krb5.new
 *
 * Creates and returns a new Krb5Auth::Krb5 object. This initializes the
 * context for future method calls on that object.
 */
static VALUE rkrb5_initialize(VALUE self){

Instance Method Details

- (Object) change_password(old, new)

Changes the password for the principal from old to new. The principal is whichever principal was most recently authenticated via the Krb5#get_init_creds_password method.

Attempting to change a password before a principal has been established will raise an error.

Example:

krb5.get_init_creds_password('foo', 'XXXXXX') # Authenticate 'foo' user
krb5.change_password('XXXXXX', 'YYYYYY')      # Change password for 'foo'



# File 'ext/krb5_auth/krb5_auth.c'

/* call-seq:
 *   krb5.change_password(old, new)
 *
 * Changes the password for the principal from +old+ to +new+. The principal
 * is defined as whoever the last principal was authenticated via the
 * Krb5#get_init_creds_password method.
 *
 * Attempting to change a password before a principal has been established
 * will raise an error.
 *
 * Example:
 *
 * krb5.get_init_creds_password('foo', 'XXXXXX') # Authenticate 'foo' user
 * krb5.change_password('XXXXXX', 'YYYYYY')      # Change password for 'foo'
 */
static VALUE rkrb5_change_password(VALUE self, VALUE v_old, VALUE v_new){

- (Object) close

Handles cleanup of the Krb5 object, freeing any credentials, principal or context associated with the object.



# File 'ext/krb5_auth/krb5_auth.c'

/* 
 * call-seq:
 *   krb5.close
 *
 * Handles cleanup of the Krb5 object, freeing any credentials, principal or
 * context associated with the object.
 */
static VALUE rkrb5_close(VALUE self){

- (Object) get_default_principal

Returns the default principal for the current realm based on the current credentials cache.

If no credentials cache is found then an error is raised.



# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   krb5.get_default_principal
 *
 * Returns the default principal for the current realm based on the current
 * credentials cache.
 *
 * If no credentials cache is found then an error is raised.
 */
static VALUE rkrb5_get_default_principal(VALUE self){

- (Object) get_default_realm

Returns the default Kerberos realm on your system.



# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   krb.get_default_realm # => 'YOUR.REALM.COM'
 *
 * Returns the default Kerberos realm on your system.
 */
static VALUE rkrb5_get_default_realm(VALUE self){

- (Object) get_init_creds_keytab(principal = nil, keytab = nil, service = nil)

Acquire credentials for principal from keytab using service. If no principal is specified, then a principal is derived from the service name. If no service name is specified, kerberos defaults to "host".

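If no keytab file is provided, the default keytab file is used. This is typically /etc/krb5.keytab. A keytab holds long-term keys for the principals stored in it, so it should be readable only by the account that needs it.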



# File 'ext/krb5_auth/krb5_auth.c'

/* call-seq:
 *   krb5.get_init_creds_keytab(principal = nil, keytab = nil, service = nil)
 *
 * Acquire credentials for +principal+ from +keytab+ using +service+. If
 * no principal is specified, then a principal is derived from the service
 * name. If no service name is specified, kerberos defaults to "host".
 *
 * If no keytab file is provided, the default keytab file is used. This is
 * typically /etc/krb5.keytab.
 */
static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){

- (Object) get_init_creds_password(user, password)

Authenticates the credentials of user using password, and has the effect of setting the principal and context internally. This method must typically be called before using other methods.



# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   krb5.get_init_creds_password(user, password)
 *
 * Authenticates the credentials of +user+ using +password+, and has the effect
 * of setting the principal and context internally. This method must typically
 * be called before using other methods.
 */
static VALUE rkrb5_get_init_creds_passwd(VALUE self, VALUE v_user, VALUE v_pass){

- (Object) get_permitted_enctypes

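Returns a hash containing the permitted encryption types (enctypes). The key is the numeric constant, with a string description as its value. The example below includes legacy types such as single DES and ArcFour, which have been deprecated for Kerberos use (RFC 6649, RFC 8429); their presence in the result is a configuration item worth reviewing.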

Example:

krb.get_permitted_enctypes

# Results:
{
   1  => "DES cbc mode with CRC-32",
   2  => "DES cbc mode with RSA-MD4",
   3  => "DES cbc mode with RSA-MD5",
   16 => "Triple DES cbc mode with HMAC/sha1",
   17 => "AES-128 CTS mode with 96-bit SHA-1 HMAC",
   18 => "AES-256 CTS mode with 96-bit SHA-1 HMAC",
   23 => "ArcFour with HMAC/md5"
}


# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   krb5.get_permitted_enctypes
 *
 * Returns a hash containing the permitted encryption types. The key is the
 * numeric constant, with a string description as its value.
 *
 * Example:
 *
 *   krb.get_permitted_enctypes
 *
 *   # Results:
 *   {
 *      1  => "DES cbc mode with CRC-32",
 *      2  => "DES cbc mode with RSA-MD4",
 *      3  => "DES cbc mode with RSA-MD5",
 *      16 => "Triple DES cbc mode with HMAC/sha1",
 *      17 => "AES-128 CTS mode with 96-bit SHA-1 HMAC",
 *      18 => "AES-256 CTS mode with 96-bit SHA-1 HMAC",
 *      23 => "ArcFour with HMAC/md5"
 *   }
 */
static VALUE rkrb5_get_permitted_enctypes(VALUE self){

- (Object) set_default_realm(realm = nil)

Sets the default realm to realm. If no argument is provided, then the default realm in your krb5.conf file is used.



# File 'ext/krb5_auth/krb5_auth.c'

/*
 * call-seq:
 *   krb.set_default_realm(realm = nil)
 *
 * Sets the default realm to +realm+. If no argument is provided, then the
 * default realm in your krb5.conf file is used.
 */
static VALUE rkrb5_set_default_realm(int argc, VALUE* argv, VALUE self){