Kerberos Administration Protocol

Marcus Watts mdw at umich.edu
Tue Jun 2 12:03:08 EDT 2009


> Date:    Tue, 02 Jun 2009 15:28:32 +0200
> To:      kerberos at mit.edu
> From:    "max at mascanc.net" <max at mascanc.net>
> Subject: Kerberos Administration Protocol
> 
> Hi,
> 
> I'm looking for an open source Java implementation for the Kerberos
> administration protocol, for changing password, getprinc,
> delete_principal and so on. The main goals for kadmin, for
> the MIT implementation.
> 
> Are there any libraries?
> 
> If no, I would try to do an adHoc implementation. Are there
> documents? The only draft that I can see is
> 
> http://tools.ietf.org/html/draft-ietf-cat-kerb-chg-password-00
> 
> Thanks,
> 
> 
>         Massimiliano

As it happens, I do have something that might be the start at this.
It could stand a bit more "polishing" before being released,
and at the moment, it's not on our priority list.  If this is
something of interest to you, we should certainly talk.
You won't be at afsbpw 2009, by any chance?

What I have does:
	chpass
	chrand
	createpolicy
	create
	deletepolicy
	deleteprinc
	getpolicies
	getpolicy
	getprinc
	getprincs
	modifypolicy
	modifyprincipal
	renameprinc
	setkeyprincipal

It's mostly java code, including most of the xdr to implement
the above.  Some basic stuff is in C / JNI - including gssapi
proper.  At one point I thought I had located a suitable open source
java implementation of sun rpc - I hope it still exists.
Implementing rpcsec-gss on top of it may not be simple.

					-Marcus Watts



More information about the Kerberos mailing list