oracular (3) Wallet::Object::Password.3pm.gz

Provided by: krb5-wallet-server_1.5-1.1_all

NAME

       Wallet::Object::Password - Password object implementation for wallet

SYNOPSIS

           use Wallet::Object::Password;

           my @name = qw(file mysql-lsdb);
           my @trace = ($user, $host, time);
           my $object = Wallet::Object::Password->create (@name, $schema, @trace);
           unless ($object->store ("the-password\n")) {
               die $object->error, "\n";
           }
           my $password = $object->get (@trace);
           $object->destroy (@trace);

DESCRIPTION

       Wallet::Object::Password is an extension of Wallet::Object::File, acting as a representation of simple
       file objects in the wallet.  The difference between the two is that if there is no data stored in a
       password object when a user tries to get it for the first time, then a random string suited for a
       password will be generated and put into the object data.

       It implements the wallet object API and provides the necessary glue to store a file on the wallet server,
       retrieve it later, and delete it when the password object is deleted.

       To use this object, the configuration option specifying where on the wallet server to store password
       objects must be set.  See Wallet::Config for details on this configuration parameter and information
       about how to set wallet configuration.

METHODS

       This object mostly inherits from Wallet::Object::File.  See the documentation for that class for all
       generic methods.  Below are only those methods that are overridden or behave specially for this
       implementation.

       get(PRINCIPAL, HOSTNAME [, DATETIME])
           Retrieves the current contents of the file object or undef on error.  store() must be called before
           get() will be successful.  The caller should call error() to get the error message if get() returns
           undef.  PRINCIPAL, HOSTNAME, and DATETIME are stored as history information.  PRINCIPAL should be the
           user who is downloading the keytab.  If DATETIME isn't given, the current time is used.

FILES

       PWD_FILE_BUCKET/<hash>/<file>
           Password files are stored on the wallet server under the directory PWD_FILE_BUCKET as set in the
           wallet configuration.  <hash> is the first two characters of the hex-encoded MD5 hash of the wallet
           password object name, used to avoid putting too many files in the same directory.  <file> is the name of
           the password object with all characters other than alphanumerics, underscores, and dashes replaced by
           "%" and the hex code of the character.
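
The path mapping described above, as an added example (not wallet's own code): it builds PWD_FILE_BUCKET/<hash>/<file> for constructed object names, reverses the escaping, and checks that a name containing "/" or ".." still resolves inside the bucket. The two-digit uppercase hex escape, byte-string object names, and the bucket path are assumptions; the page states only "%" and the hex code of the character.

```perl
#!/usr/bin/perl
# Added example, not wallet's own code: map a password object name to the
# on-disk path described in FILES, and recover the name from a file name.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumption: each escaped character becomes "%" plus two uppercase hex
# digits.  Names are treated as byte strings.
sub encode_name {
    my ($name) = @_;
    $name =~ s/([^A-Za-z0-9_-])/sprintf('%%%02X', ord($1))/ge;
    return $name;
}

# Reverse the escaping.  "%" itself is always escaped on the way in, so
# every "%XX" in a file name is unambiguous.
sub decode_name {
    my ($file) = @_;
    $file =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $file;
}

# $bucket stands in for the configured PWD_FILE_BUCKET directory.
sub password_path {
    my ($bucket, $name) = @_;
    die "object name must not be empty\n" unless length $name;
    my $hash = substr(md5_hex($name), 0, 2);    # hash of the raw name
    return join('/', $bucket, $hash, encode_name($name));
}

# Constructed sample names, including one shaped like a traversal attempt.
my $bucket = '/srv/wallet/passwords';           # placeholder path
for my $name ('mysql-lsdb', 'db/prod admin', '../../etc/passwd') {
    my $path = password_path($bucket, $name);
    my ($file) = $path =~ m{([^/]+)\z};
    die "round trip failed for $name\n"
        unless decode_name($file) eq $name;
    # "/" and "." are escaped, so the result is always exactly
    # <bucket>/<two hex digits>/<one path component>.
    die "path left the bucket for $name\n"
        unless $path =~ m{\A\Q$bucket\E/[0-9a-f]{2}/[^/]+\z};
    print "$name -> $path\n";
}
```

decode_name() is useful when auditing the bucket directory, since it turns each file name back into the wallet object name it belongs to.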

LIMITATIONS

       The wallet implementation itself can handle arbitrary password object names. However, due to limitations
       in the remctld server usually used to run wallet-backend, password object names containing nul characters
       (ASCII 0) may not be permitted.  The file system used for storing file objects may impose a length
       limitation on the password object name.

SEE ALSO

       remctld(8), Wallet::Config(3), Wallet::Object::File(3), wallet-backend(8)

       This module is part of the wallet system.  The current version is available from
       <https://www.eyrie.org/~eagle/software/wallet/>.

AUTHORS

       Jon Robertson <jonrober@stanford.edu>
       Bill MacAllister <bill@ca-zephyr.org>