[29030] in Kerberos
Re: Provisioning and administrative tools for MIT KDC
daemon@ATHENA.MIT.EDU (Jos Backus)
Mon Jan 14 12:51:59 2008
Date: Mon, 14 Jan 2008 09:51:29 -0800
From: Jos Backus <jos@catnook.com>
To: kerberos@mit.edu
Message-ID: <20080114175129.GA98127@lizzy.catnook.local>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <51052.24.136.141.228.1200265147.squirrel@webmail6.pair.com>
Reply-To: jos@catnook.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sun, Jan 13, 2008 at 05:59:07PM -0500, Greg Wallace wrote:
> Hi All,
>
> At the Fedora Users and Developer Conference yesterday they announced a
> new remote maagement project that might be interesting to people following
> this thread.
>
> You can find out more about it here: https://fedorahosted.org/func
Interesting. It looks a lot like Puppet (which is moving away from XMLRPC).
http://http://reductivelabs.com/trac/puppet
Jos
> Best,
>
> Greg
>
> On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
> > res@qoxp.net replied to Vincenzo.Carnuccio@valueteam.com:
> > ...
> >> CV> -Is there any API interface (java, c,any other language) to
> >> CV> perform administrative operations? (add a principal, change a
> >> CV> password, delete a principal)
> >>
> >>
> >> CV> We must perform automatic provisioning via a web application
> >> (jsp)
> >> CV> so it seems to be not a good solution using the kadmin command
> >> via
> >> CV> System Calls.
> >>
> >> CV> The KDC is the MIT's one
> >>
> >> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
> >>
> >> CV> Thank you in advance.
> >
> > The perl module is probably the best available at present.
> >
> > Recent versions of MIT kerberos should also export a C callable
> > api for kadm5. With older versions of MIT this was also possible,
> > but required extracting bits from built source for MIT k5.
> > If you feel like experimenting, this may help,
> > http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
> >
> > There are also possibilities with java. I've got a java library
> > that will do this, which I hope to make generally available shortly.
> > It's undergoing review and final feature development right now. It uses
> > jni and calls into gssrpc. A future version could be pure java, but
> > that wasn't feasible right off.
> >
> > If you want a different java answer - opensolaris has a java library built
> > into its source. It uses jni and calls into kadm5. Note CDDL licensing.
> > Here's how to fetch a copy,
> >
> > do this,
> > < find a filesystem with lots of space on a machine with mercurial >
> > hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
> > then look here:
> > onnv-gate/usr/src/OPENSOLARIS.LICENSE
> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
> > onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
> > for more on solaris,
> > http://opensolaris.org/os/project/onnv/
> > You will probably have to work out your own build procedure.
> >
> > We didn't go with that for various reasons, but maybe it
> > can meet your needs.
> >
> > -Marcus Watts
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
>
> --
> Greg Wallace
> Co-Founder and CEO
> Emu Software, Inc.
> Sponsor of the NetDirector Open Management Console Project
> www.netdirector.org
> o: 617.830.1835
> m: 919.247.3165
> skype: gregwallaceemu
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Jos Backus
jos at catnook.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
