Kerberos Admin in Java

bert@flyingdragon.net bert at flyingdragon.net
Fri Mar 15 14:00:03 EDT 2013 

Marcus,

We (Georgia Tech) are rewriting some kerberos change processors and would be interested in your JNI wrappers atop the kerberos libraries. 

Would it be possible for us to learn from or use your project? We would certainly provide feedback on it.


Thanks very much,
  Bert Bee-Lindgren



On Wednesday, September 15, 2010 12:11:42 PM UTC-4, Marcus Watts wrote:
> Bram Cymet writes:
> > Date:    Mon, 13 Sep 2010 13:54:05 EDT
> > To:      kerberos at MIT.EDU
> > From:    Bram Cymet 
> > Subject: Kerberos Admin in Java
> >        
> >   Hi,
> >
> > Does anyone know of a java library that would allow for administration
> > of a realm from within a java app (add principals, remove principals,
> > and change passwords)? I have seen lots of examples that call out to the
> > kadmin utility but I was wondering if there is anyway of doing it
> > nativity from java?
> >
> > Thanks,
> >
> > --
> > Bram Cymet
> > Software Developer
> > Canadian Bank Note Co. Ltd.
> > Cell: 613-608-9752
> 
> I have java code that can add principals, remove principals, reset
> passwords, and much much more (basically everything kadm5 can do).
> It's not pure java code, it requires JNI to do the actual sun onc rpc and
> gssapi layers.  All of the call parameter marshalling and unmarshalling
> is done in java however.  It should be possible to eliminate the JNI
> requirement with some work.
> 
> This code is not yet open source.  It could certainly stand
> improvement.  If this code is still of interest to you and
> you'd be willing to provide at least feedback on what could
> be improved (or changes or whatever) - please drop me a note.
> I'm currently in CZ but expect to be back home next week,
> at which point I'll see what I can do for you.
> 
> Just so that you know, there's also a version of code
> somewhere in solaris that can do kadm5 from java.  If
> I recall right, the sun logic is almost pure JNI wrapped
> around the kadm5 calls.  If the license is acceptable
> and you can dig the code out and make it useable
> in your environment, this might be sufficient for you.
> 
> 			-Marcus Watts

More information about the Kerberos mailing list