Provisioning and administrative tools for MIT KDC

Greg Wallace greg at emusoftware.com
Mon Jan 14 14:30:55 EST 2008


that's not a bad comparison, but I think (and this is how the guys
presenting the project at FUDcon explained the difference) func is like
puppet-lite (or, better, puppet really really really lite)

for example - with puppet, you get revision control, not so with func, and
this is just one example

as to xmlrpc, I've got no insight on why func chose that or what its
relative merits are...

Greg


On Mon, January 14, 2008 12:51 pm, Jos Backus wrote:
> On Sun, Jan 13, 2008 at 05:59:07PM -0500, Greg Wallace wrote:
>> Hi All,
>>
>> At the Fedora Users and Developer Conference yesterday they announced a
>> new remote maagement project that might be interesting to people
>> following
>> this thread.
>>
>> You can find out more about it here:  https://fedorahosted.org/func
>
> Interesting. It looks a lot like Puppet (which is moving away from
> XMLRPC).
>
>     http://http://reductivelabs.com/trac/puppet
>
> Jos
>
>> Best,
>>
>> Greg
>>
>> On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
>> > res at qoxp.net replied to Vincenzo.Carnuccio at valueteam.com:
>> > ...
>> >>     CV> -Is there any API interface (java, c,any other language) to
>> >>     CV> perform administrative operations? (add a principal, change a
>> >>     CV> password, delete a principal)
>> >>
>> >>
>> >>     CV> We must perform automatic provisioning via a web application
>> >> (jsp)
>> >>     CV> so it seems to be not a good solution using the kadmin
>> command
>> >> via
>> >>     CV> System Calls.
>> >>
>> >>     CV> The KDC is the MIT's one
>> >>
>> >> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
>> >>
>> >>     CV> Thank you in advance.
>> >
>> > The perl module is probably the best available at present.
>> >
>> > Recent versions of MIT kerberos should also export a C callable
>> > api for kadm5.  With older versions of MIT this was also possible,
>> > but required extracting bits from built source for MIT k5.
>> > If you feel like experimenting, this may help,
>> > http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
>> >
>> > There are also possibilities with java.  I've got a java library
>> > that will do this, which I hope to make generally available shortly.
>> > It's undergoing review and final feature development right now.  It
>> uses
>> > jni and calls into gssrpc.  A future version could be pure java, but
>> > that wasn't feasible right off.
>> >
>> > If you want a different java answer - opensolaris has a java library
>> built
>> > into its source.  It uses jni and calls into kadm5.  Note CDDL
>> licensing.
>> > Here's how to fetch a copy,
>> >
>> > do this,
>> > < find a filesystem with lots of space on a machine with mercurial >
>> > hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
>> > then look here:
>> > onnv-gate/usr/src/OPENSOLARIS.LICENSE
>> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
>> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
>> > for more on solaris,
>> > http://opensolaris.org/os/project/onnv/
>> > You will probably have to work out your own build procedure.
>> >
>> > We didn't go with that for various reasons, but maybe it
>> > can meet your needs.
>> >
>> > 					-Marcus Watts
>> > ________________________________________________
>> > Kerberos mailing list           Kerberos at mit.edu
>> > https://mailman.mit.edu/mailman/listinfo/kerberos
>> >
>>
>>
>> --
>> Greg Wallace
>> Co-Founder and CEO
>> Emu Software, Inc.
>> Sponsor of the NetDirector Open Management Console Project
>> www.netdirector.org
>> o: 617.830.1835
>> m: 919.247.3165
>> skype: gregwallaceemu
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
> Jos Backus
> jos at catnook.com
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


-- 
Greg Wallace
Co-Founder and CEO
Emu Software, Inc.
Sponsor of the NetDirector Open Management Console Project
www.netdirector.org
o: 617.830.1835
m: 919.247.3165
skype: gregwallaceemu



More information about the Kerberos mailing list