add remove user programmatically kerberos
Russ Allbery
rra at stanford.edu
Tue Feb 26 17:01:15 EST 2013
vs_krb <vs.krbadm at gmail.com> writes:
> I don't know about existing Java packages or plugins, but I think this
> is the brief outline of what would be needed.
> 1) Create an admin principal which has requisiste permissions. See
> http://web.mit.edu/kerberos/krb5-current/doc/admin/conf_files/kadm5_acl.html
> 2) Create a keytab using the admin principal created above.
> 3) Generate ticket using kinit -k <keytab in step 2.>
> 4) Use the generated ticket to authenticate with kadmind as the admin
> principal in step 1.
The last step is the hard one. I'm not aware of any Java implementation
of the kadmin wire protocol. You may need to resort to either calling out
to a separate program or build a JNI extension that links with
libkadm5clnt.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list