oracular (3) Wallet::Kadmin::MIT.3pm.gz

Provided by: krb5-wallet-server_1.5-1.1_all

NAME

       Wallet::Kadmin::MIT - Wallet Kerberos administration API for MIT

SYNOPSIS

           my $kadmin = Wallet::Kadmin::MIT->new;
           $kadmin->create ('host/foo.example.com');
           my $data = $kadmin->keytab_rekey ('host/foo.example.com',
                                             'aes256-cts-hmac-sha1-96');
           $data = $kadmin->keytab ('host/foo.example.com');
           my $exists = $kadmin->exists ('host/oldshell.example.com');
           $kadmin->destroy ('host/oldshell.example.com') if $exists;

DESCRIPTION

       Wallet::Kadmin::MIT implements the Wallet::Kadmin API for MIT Kerberos, providing an interface to create
       and delete principals and create keytabs.  It provides the API documented in Wallet::Kadmin for an MIT
       Kerberos KDC.

       MIT Kerberos does not provide any method via the kadmin network protocol to retrieve a keytab for a
       principal without rekeying it, so the keytab() method (as opposed to keytab_rekey(), which rekeys the
       principal) is implemented using a remctl backend.  For that method (used for unchanging keytab objects)
       to work, the necessary wallet configuration and remctl interface on the KDC must be set up.

       To use this class, several configuration parameters must be set.  See "KEYTAB OBJECT CONFIGURATION" in
       Wallet::Config for details.

FILES

       KEYTAB_TMP/keytab.<pid>
           The keytab is created in this file and then read into memory.  KEYTAB_TMP is set in the wallet
           configuration, and <pid> is the process ID of the current process.  The file is unlinked after being
           read.
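
       The temporary-file lifecycle described above can be checked from outside the module.  The script
       below is an added example, not code from the wallet distribution.  It reports keytab.<pid> files
       whose process no longer exists or whose mode permits group or other access.  The function name
       audit_keytab_tmp and the scratch directory used when no argument is given are assumptions of this
       example.

```perl
#!/usr/bin/perl
# Added example, not part of wallet: audit a KEYTAB_TMP directory for
# keytab.<pid> files that outlived their process or have loose permissions.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Return one finding string per problem found under $dir.
sub audit_keytab_tmp {
    my ($dir) = @_;
    my @findings;
    my @dst = stat($dir) or die "cannot stat $dir: $!\n";
    push @findings, sprintf('%s: directory mode %04o allows group/other access',
        $dir, $dst[2] & 07777) if $dst[2] & 0077;
    opendir(my $dh, $dir) or die "cannot open $dir: $!\n";
    for my $name (sort readdir $dh) {
        next unless $name =~ /\Akeytab\.([1-9]\d*)\z/;
        my ($pid, $path) = ($1, "$dir/$name");
        my @st = lstat($path) or next;    # unlinked since readdir: normal
        # Signal 0 only probes for existence; EPERM means the process exists
        # but belongs to another user.
        my $alive = kill(0, $pid) || $!{EPERM};
        push @findings, "$path: process $pid is gone, keytab was not unlinked"
            unless $alive;
        push @findings, sprintf('%s: mode %04o allows group/other access',
            $path, $st[2] & 07777) if $st[2] & 0077;
    }
    closedir $dh;
    return @findings;
}

# With an argument, audit that directory.  Without one, run against a
# constructed scratch directory standing in for KEYTAB_TMP.
my $dir = shift @ARGV;
unless (defined $dir) {
    my $child = fork() // die "fork failed: $!\n";
    exit 0 if $child == 0;
    waitpid($child, 0);    # reaped, so this PID no longer names a process
    $dir = tempdir(CLEANUP => 1);
    for my $spec ([$$, 0600], [$child, 0644]) {
        my ($pid, $mode) = @$spec;
        open(my $fh, '>', "$dir/keytab.$pid") or die "cannot create file: $!\n";
        close $fh;
        chmod $mode, "$dir/keytab.$pid";
    }
}
print "$_\n" for audit_keytab_tmp($dir);
```

       A live PID may belong to an unrelated process that reused the number, so an empty report does not
       prove that no stale keytab is present.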

LIMITATIONS

       Currently, this implementation calls an external kadmin program rather than using a native Perl module.
       It therefore requires that kadmin be installed, and it parses kadmin's output.  It may miss some error
       conditions if the output of kadmin ever changes.

SEE ALSO

       kadmin(8), Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8)

       This module is part of the wallet system.  The current version is available from
       <https://www.eyrie.org/~eagle/software/wallet/>.

AUTHORS

       Russ Allbery <eagle@eyrie.org> and Jon Robertson <jonrober@stanford.edu>.