[29022] in Kerberos
Re: Provisioning and administrative tools for MIT KDC
daemon@ATHENA.MIT.EDU (Greg Wallace)
Sun Jan 13 17:59:59 2008
Message-ID: <51052.24.136.141.228.1200265147.squirrel@webmail6.pair.com>
In-Reply-To: <E1JDB3N-0006pM-7h@spam.ifs.umich.edu>
Date: Sun, 13 Jan 2008 17:59:07 -0500 (EST)
From: "Greg Wallace" <greg@emusoftware.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Reply-To: greg@emusoftware.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi All,
At the Fedora Users and Developer Conference yesterday they announced a
new remote maagement project that might be interesting to people following
this thread.
You can find out more about it here: https://fedorahosted.org/func
Best,
Greg
On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
> res@qoxp.net replied to Vincenzo.Carnuccio@valueteam.com:
> ...
>> CV> -Is there any API interface (java, c,any other language) to
>> CV> perform administrative operations? (add a principal, change a
>> CV> password, delete a principal)
>>
>>
>> CV> We must perform automatic provisioning via a web application
>> (jsp)
>> CV> so it seems to be not a good solution using the kadmin command
>> via
>> CV> System Calls.
>>
>> CV> The KDC is the MIT's one
>>
>> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
>>
>> CV> Thank you in advance.
>
> The perl module is probably the best available at present.
>
> Recent versions of MIT kerberos should also export a C callable
> api for kadm5. With older versions of MIT this was also possible,
> but required extracting bits from built source for MIT k5.
> If you feel like experimenting, this may help,
> http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
>
> There are also possibilities with java. I've got a java library
> that will do this, which I hope to make generally available shortly.
> It's undergoing review and final feature development right now. It uses
> jni and calls into gssrpc. A future version could be pure java, but
> that wasn't feasible right off.
>
> If you want a different java answer - opensolaris has a java library built
> into its source. It uses jni and calls into kadm5. Note CDDL licensing.
> Here's how to fetch a copy,
>
> do this,
> < find a filesystem with lots of space on a machine with mercurial >
> hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
> then look here:
> onnv-gate/usr/src/OPENSOLARIS.LICENSE
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
> for more on solaris,
> http://opensolaris.org/os/project/onnv/
> You will probably have to work out your own build procedure.
>
> We didn't go with that for various reasons, but maybe it
> can meet your needs.
>
> -Marcus Watts
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Greg Wallace
Co-Founder and CEO
Emu Software, Inc.
Sponsor of the NetDirector Open Management Console Project
www.netdirector.org
o: 617.830.1835
m: 919.247.3165
skype: gregwallaceemu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
