Kerberos Admin in Java

Marcus Watts mdw at umich.edu
Wed Sep 15 12:11:42 EDT 2010


Bram Cymet writes:
> Date:    Mon, 13 Sep 2010 13:54:05 EDT
> To:      kerberos at MIT.EDU
> From:    Bram Cymet <bcymet at cbnco.com>
> Subject: Kerberos Admin in Java
>        
>   Hi,
>
> Does anyone know of a java library that would allow for administration
> of a realm from within a java app (add principals, remove principals,
> and change passwords)? I have seen lots of examples that call out to the
> kadmin utility but I was wondering if there is anyway of doing it
> nativity from java?
>
> Thanks,
>
> --
> Bram Cymet
> Software Developer
> Canadian Bank Note Co. Ltd.
> Cell: 613-608-9752

I have java code that can add principals, remove principals, reset
passwords, and much much more (basically everything kadm5 can do).
It's not pure java code, it requires JNI to do the actual sun onc rpc and
gssapi layers.  All of the call parameter marshalling and unmarshalling
is done in java however.  It should be possible to eliminate the JNI
requirement with some work.

This code is not yet open source.  It could certainly stand
improvement.  If this code is still of interest to you and
you'd be willing to provide at least feedback on what could
be improved (or changes or whatever) - please drop me a note.
I'm currently in CZ but expect to be back home next week,
at which point I'll see what I can do for you.

Just so that you know, there's also a version of code
somewhere in solaris that can do kadm5 from java.  If
I recall right, the sun logic is almost pure JNI wrapped
around the kadm5 calls.  If the license is acceptable
and you can dig the code out and make it useable
in your environment, this might be sufficient for you.

			-Marcus Watts



More information about the Kerberos mailing list