class Kerberos::Krb5

Constants

ENCTYPE_AES128_CTS_HMAC_SHA1_96

AES128 CTS HMAC SHA1 96

ENCTYPE_AES256_CTS_HMAC_SHA1_96

AES256 CTS HMAC SHA1 96

ENCTYPE_ARCFOUR_HMAC

ARCFOUR HMAC

ENCTYPE_ARCFOUR_HMAC_EXP

ARCFOUR HMAC EXP

ENCTYPE_DES3_CBC_ENV

DES-3 cbc mode, CMS enveloped data

ENCTYPE_DES3_CBC_RAW

DES-3 cbc mode raw

ENCTYPE_DES3_CBC_SHA

DES-3 cbc mode with NIST-SHA

ENCTYPE_DES3_CBC_SHA1

DES3 CBC SHA1

ENCTYPE_DES_CBC_CRC

DES cbc mode with CRC-32

ENCTYPE_DES_CBC_MD4

DES cbc mode with RSA-MD4

ENCTYPE_DES_CBC_MD5

DES cbc mode with RSA-MD5

ENCTYPE_DES_CBC_RAW

DES cbc mode raw

ENCTYPE_DES_HMAC_SHA1

HMAC SHA1

ENCTYPE_DSA_SHA1_CMS

DSA with SHA1, CMS signature

ENCTYPE_MD5_RSA_CMS

MD5 with RSA, CMS signature

ENCTYPE_NULL

None

ENCTYPE_RC2_CBC_ENV

RC2 cbc mode, CMS enveloped data

ENCTYPE_RSA_ENV

RSA encryption, CMS enveloped data

ENCTYPE_RSA_ES_OAEP_ENV

RSA w/OAEP encryption, CMS enveloped data

ENCTYPE_SHA1_RSA_CMS

SHA1 with RSA, CMS signature

ENCTYPE_UNKNOWN

Unknown

VERSION

The version of the custom rkerberos library

Public Class Methods

Kerberos::Krb5.new

Creates and returns a new Kerberos::Krb5 object. This initializes the context for future method calls on that object.

static VALUE rkrb5_initialize(VALUE self){

Public Instance Methods

change_password(old, new)

Changes the password for the principal from old to new. The principal is whichever principal was last authenticated via the Krb5#get_init_creds_password method.

Attempting to change a password before a principal has been established will raise an error.

Example:

krb5.get_init_creds_password('foo', 'XXXXXX') # Authenticate 'foo' user
krb5.change_password('XXXXXX', 'YYYYYY')      # Change password for 'foo'

static VALUE rkrb5_change_password(VALUE self, VALUE v_old, VALUE v_new){

close

Handles cleanup of the Krb5 object, freeing any credentials, principal or context associated with the object.

static VALUE rkrb5_close(VALUE self){

default_principal()
Alias for: get_default_principal

default_realm()
Alias for: get_default_realm

get_default_principal

Returns the default principal for the current realm based on the current credentials cache.

If no credentials cache is found then an error is raised.

static VALUE rkrb5_get_default_principal(VALUE self){
Also aliased as: default_principal

get_default_realm # → 'YOUR.REALM.COM'

Returns the default Kerberos realm on your system.

static VALUE rkrb5_get_default_realm(VALUE self){
Also aliased as: default_realm

get_init_creds_keytab(principal = nil, keytab = nil, service = nil, ccache = nil)

Acquires credentials for principal from keytab using service. If no principal is specified, then a principal is derived from the service name. If no service name is specified, Kerberos defaults to "host".

If no keytab file is provided, the default keytab file is used. This is typically /etc/krb5.keytab.

If ccache is supplied and is a Kerberos::Krb5::CredentialsCache, the resulting credentials will be stored in the credential cache.

static VALUE rkrb5_get_init_creds_keytab(int argc, VALUE* argv, VALUE self){

get_init_creds_password(user, password, service = nil)

Authenticates the credentials of user using password against service, and has the effect of setting the principal and context internally. This method must typically be called before using other methods.

static VALUE rkrb5_get_init_creds_passwd(int argc, VALUE* argv, VALUE self){

get_permitted_enctypes

Returns a hash containing the permitted encryption types (enctypes). The key is the numeric constant, with a string description as its value.

Example:

krb.get_permitted_enctypes

# Results:
{
   1  => "DES cbc mode with CRC-32",
   2  => "DES cbc mode with RSA-MD4",
   3  => "DES cbc mode with RSA-MD5",
   16 => "Triple DES cbc mode with HMAC/sha1",
   17 => "AES-128 CTS mode with 96-bit SHA-1 HMAC",
   18 => "AES-256 CTS mode with 96-bit SHA-1 HMAC",
   23 => "ArcFour with HMAC/md5"
}
static VALUE rkrb5_get_permitted_enctypes(VALUE self){
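
An added example (not part of rkerberos or its documentation): one way to audit the hash returned by get_permitted_enctypes for encryption types deprecated by RFC 6649 (single DES) and RFC 8429 (Triple DES, RC4). The names audit_enctypes, DEPRECATED_ENCTYPES, AES_ENCTYPES and SAMPLE_PERMITTED are hypothetical, and the sample hash is constructed from the example output above so the code runs without the gem or a KDC.

```ruby
# Added example: not part of rkerberos. It works on the plain Hash that
# Krb5#get_permitted_enctypes returns, so no gem or KDC is needed to run it.

# Enctype numbers from the example output above, with the deprecating RFC.
DEPRECATED_ENCTYPES = {
  1  => 'single DES, deprecated by RFC 6649',
  2  => 'single DES, deprecated by RFC 6649',
  3  => 'single DES, deprecated by RFC 6649',
  16 => 'Triple DES, deprecated by RFC 8429',
  23 => 'RC4 (ArcFour), deprecated by RFC 8429'
}.freeze

AES_ENCTYPES = [17, 18].freeze

# Hypothetical helper: sorts permitted enctypes into :weak, :strong and
# :unknown (numbers this table does not cover, which need a manual look).
def audit_enctypes(permitted)
  report = { weak: [], strong: [], unknown: [] }
  permitted.sort.each do |number, description|
    entry = { number: number, description: description }
    if DEPRECATED_ENCTYPES.key?(number)
      report[:weak] << entry.merge(reason: DEPRECATED_ENCTYPES[number])
    elsif AES_ENCTYPES.include?(number)
      report[:strong] << entry
    else
      report[:unknown] << entry
    end
  end
  report
end

# Constructed sample, copied from the example output above.
SAMPLE_PERMITTED = {
  1  => 'DES cbc mode with CRC-32',
  2  => 'DES cbc mode with RSA-MD4',
  3  => 'DES cbc mode with RSA-MD5',
  16 => 'Triple DES cbc mode with HMAC/sha1',
  17 => 'AES-128 CTS mode with 96-bit SHA-1 HMAC',
  18 => 'AES-256 CTS mode with 96-bit SHA-1 HMAC',
  23 => 'ArcFour with HMAC/md5'
}.freeze

report = audit_enctypes(SAMPLE_PERMITTED)
report[:weak].each do |e|
  puts "WEAK   #{e[:number]}: #{e[:description]} (#{e[:reason]})"
end
report[:strong].each { |e| puts "OK     #{e[:number]}: #{e[:description]}" }
report[:unknown].each { |e| puts "REVIEW #{e[:number]}: #{e[:description]}" }
```

With the library loaded, pass the result of krb.get_permitted_enctypes in place of the sample hash.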

set_default_realm(realm = nil)

Sets the default realm to realm. If no argument is provided, then the default realm in your krb5.conf file is used.

static VALUE rkrb5_set_default_realm(int argc, VALUE* argv, VALUE self){