Provisioning and administrative tools for MIT KDC

Jos Backus jos at catnook.com
Mon Jan 14 12:51:29 EST 2008 

On Sun, Jan 13, 2008 at 05:59:07PM -0500, Greg Wallace wrote:
> Hi All,
> 
> At the Fedora Users and Developer Conference yesterday they announced a
> new remote maagement project that might be interesting to people following
> this thread.
> 
> You can find out more about it here:  https://fedorahosted.org/func
 
Interesting. It looks a lot like Puppet (which is moving away from XMLRPC).

    http://http://reductivelabs.com/trac/puppet

Jos

> Best,
> 
> Greg
> 
> On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
> > res at qoxp.net replied to Vincenzo.Carnuccio at valueteam.com:
> > ...
> >>     CV> -Is there any API interface (java, c,any other language) to
> >>     CV> perform administrative operations? (add a principal, change a
> >>     CV> password, delete a principal)
> >>
> >>
> >>     CV> We must perform automatic provisioning via a web application
> >> (jsp)
> >>     CV> so it seems to be not a good solution using the kadmin command
> >> via
> >>     CV> System Calls.
> >>
> >>     CV> The KDC is the MIT's one
> >>
> >> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
> >>
> >>     CV> Thank you in advance.
> >
> > The perl module is probably the best available at present.
> >
> > Recent versions of MIT kerberos should also export a C callable
> > api for kadm5.  With older versions of MIT this was also possible,
> > but required extracting bits from built source for MIT k5.
> > If you feel like experimenting, this may help,
> > http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
> >
> > There are also possibilities with java.  I've got a java library
> > that will do this, which I hope to make generally available shortly.
> > It's undergoing review and final feature development right now.  It uses
> > jni and calls into gssrpc.  A future version could be pure java, but
> > that wasn't feasible right off.
> >
> > If you want a different java answer - opensolaris has a java library built
> > into its source.  It uses jni and calls into kadm5.  Note CDDL licensing.
> > Here's how to fetch a copy,
> >
> > do this,
> > < find a filesystem with lots of space on a machine with mercurial >
> > hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
> > then look here:
> > onnv-gate/usr/src/OPENSOLARIS.LICENSE
> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
> > for more on solaris,
> > http://opensolaris.org/os/project/onnv/
> > You will probably have to work out your own build procedure.
> >
> > We didn't go with that for various reasons, but maybe it
> > can meet your needs.
> >
> > 					-Marcus Watts
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> 
> 
> -- 
> Greg Wallace
> Co-Founder and CEO
> Emu Software, Inc.
> Sponsor of the NetDirector Open Management Console Project
> www.netdirector.org
> o: 617.830.1835
> m: 919.247.3165
> skype: gregwallaceemu
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 
Jos Backus
jos at catnook.com

More information about the Kerberos mailing list