Class: Dse::Auth::Providers::GssApi

Inherits:

Cassandra::Auth::Provider

• Object
• Cassandra::Auth::Provider
• Dse::Auth::Providers::GssApi

Defined in:

lib/dse/auth/providers/gss_api.rb

Overview

Auth provider to authenticate with Kerberos. Whenever the client connects to a DSE node, this provider will perform Kerberos authentication operations with it. By default, the provider takes the ip address of the node and uses Socket#getnameinfo to find its name in order to construct the full service address (e.g. service@host).

See Also:

• #initialize

Instance Method Summary

• #initialize(service = 'dse', host_resolver = true, principal = nil, ticket_cache = nil) ⇒ GssApi constructor

  A new instance of GssApi.

Constructor Details

#initialize(service = 'dse', host_resolver = true, principal = nil, ticket_cache = nil) ⇒ GssApi

Returns a new instance of GssApi.

Parameters:

• service (String) (defaults to: 'dse') —

  name of the kerberos service; defaults to 'dse'.

• host_resolver (Boolean, Object) (defaults to: true) —

  whether to use a host-resolver. By default, Socket#getnameinfo is used. To disable host-resolution, specify a false value. You may also provide a custom resolver, which is an object that implements the resolve(host_ip) method.

• principal (String) (defaults to: nil) —

  The principal whose cached credentials are used to authenticate. Defaults to the first principal stored in the ticket cache.

• ticket_cache (String) (defaults to: nil) —

  The ticket cache containing the cached credential we seek. Defaults on Linux to /tmp/krb5cc_<uid> (where uid is the numeric uid of the user running the client program). In MRI only, the KRB5CCNAME environment variable supercedes this. On Mac, the default is a symbolic reference to a ticket-cache server process.

# File 'lib/dse/auth/providers/gss_api.rb', line 136

def initialize(service = 'dse', host_resolver = true, principal = nil, ticket_cache = nil)
  @service = service
  @host_resolver = case host_resolver
                   when false
                     NoOpResolver.new
                   when true
                     NameInfoResolver.new
                   else
                     host_resolver
                   end
  Cassandra::Util.assert_responds_to(:resolve, @host_resolver,
                                     'invalid host_resolver: it must have the :resolve method')
  @principal = principal
  @ticket_cache = ticket_cache
end