Module: KerberosAuthenticator

Defined in:
lib/kerberos_authenticator.rb,
lib/kerberos_authenticator/krb5.rb,
lib/kerberos_authenticator/error.rb,
lib/kerberos_authenticator/version.rb,
lib/kerberos_authenticator/krb5/data.rb,
lib/kerberos_authenticator/krb5/creds.rb,
lib/kerberos_authenticator/krb5/error.rb,
lib/kerberos_authenticator/krb5/keytab.rb,
lib/kerberos_authenticator/krb5/context.rb,
lib/kerberos_authenticator/krb5/principal.rb,
lib/kerberos_authenticator/krb5/attach_function.rb

Overview

Authenticates a Kerberos user using their password.

Defined Under Namespace

Modules: Krb5

Classes: Error, StandardError

Constant Summary

VERSION = '0.0.7'.freeze

Class Attribute Details

.keytab_base64 ⇒ String

Returns the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path).

Returns:

  • (String)

    the keytab to use when verifying the identity of the KDC represented as a Base64 encoded string (overrides keytab_path)



# File 'lib/kerberos_authenticator.rb', line 48

.keytab_path ⇒ String

Returns the path to the keytab to use when verifying the identity of the KDC.

Returns:

  • (String)

    the path to the keytab to use when verifying the identity of the KDC



# File 'lib/kerberos_authenticator.rb', line 52

.server ⇒ String

Returns the server principal name to use when verifying the identity of the KDC.

Returns:

  • (String)

    the server principal name to use when verifying the identity of the KDC



# File 'lib/kerberos_authenticator.rb', line 56

.service ⇒ String

Returns the service principal name to request a ticket for when obtaining a user’s credentials.

Returns:

  • (String)

    the service principal name to request a ticket for when obtaining a user’s credentials



# File 'lib/kerberos_authenticator.rb', line 60

Class Method Details

.authenticate!(username, password) ⇒ TrueClass

Authenticates a user using their password.

Parameters:

  • username (String)

    a string representation of the user’s principal

  • password (String)

    the user’s password

Returns:

  • (TrueClass)

    always returns true if authentication succeeds without any error

Raises:

  • (Error)

    if Kerberos can’t understand the principal or contact any KDCs for the principal’s realm

  • (Error)

    if preauthentication fails (usually meaning that the user’s password was incorrect)

  • (Error)

    if the KDC cannot find the user

# File 'lib/kerberos_authenticator.rb', line 29

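def self.authenticate!(username, password)
  # Obtain initial credentials for the user by requesting a ticket for
  # `service` with the supplied password.
  user = Krb5::Principal.new_with_name(username)
  creds = user.initial_creds_with_password(password, service)

  # Verify those credentials against the server principal's key from the
  # keytab, which checks the identity of the KDC that issued them.
  with_keytab do |kt|
    creds.verify!(server_princ, kt)
  end

  true
end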
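
A fail-closed caller for authenticate!, as an added example (not part of the gem or its documentation): it treats every raised Error as a failed login, answers all the documented failure cases with one message, and keeps the specific cause in the server-side log. StubAuthenticator, its user table, login and GENERIC_FAILURE are constructed for illustration; pass KerberosAuthenticator as the backend in real use.

```ruby
# Added example: constructed stand-in so the block runs without a KDC.
# It mirrors the documented contract: true on success, Error otherwise.
module StubAuthenticator
  class Error < ::StandardError; end
  USERS = { 'alice@EXAMPLE.COM' => 'correct horse' }.freeze # constructed data

  def self.authenticate!(username, password)
    raise Error, 'cannot parse principal' unless username.include?('@')
    raise Error, 'client not found' unless USERS.key?(username)
    raise Error, 'preauthentication failed' unless USERS[username] == password
    true
  end
end

GENERIC_FAILURE = 'Invalid username or password'.freeze

# Fail-closed login check (hypothetical helper, not a gem method).
# backend: a module with authenticate!(username, password) and an Error class,
#          e.g. KerberosAuthenticator itself.
# log:     anything that accepts << (an IO, an Array, a String).
# Returns [success, message_for_user].
def login(backend, username, password, log: $stderr)
  # Only the literal true counts as success.
  if backend.authenticate!(username.to_s, password.to_s) == true
    [true, 'OK']
  else
    log << "auth: unexpected return value for #{username.inspect}\n"
    [false, GENERIC_FAILURE]
  end
rescue backend::Error => e
  # The cause (unknown user, bad password, unreachable KDC) stays in the
  # server log; inspect escapes control characters in attacker-chosen input.
  log << "auth failed for #{username.inspect}: #{e.message}\n"
  [false, GENERIC_FAILURE]
end

if __FILE__ == $PROGRAM_NAME
  p login(StubAuthenticator, 'alice@EXAMPLE.COM', 'correct horse')
  p login(StubAuthenticator, 'mallory@EXAMPLE.COM', 'guess')
end
```
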

.change_password!(username, old_password, new_password) ⇒ TrueClass

Change a user’s password by authenticating with their current one.

Returns:

  • (TrueClass)

    always returns true if no error was raised

Raises:

  • (Error)

    if the attempt to change the password fails



# File 'lib/kerberos_authenticator.rb', line 43

def self.change_password!(username, old_password, new_password)
  user = Krb5::Principal.new_with_name(username)
  user.change_password(old_password, new_password)
end

.krb5 ⇒ Krb5

A convenience method to access the Krb5 module when using the setup method.

Returns:

  • (Krb5)

# File 'lib/kerberos_authenticator.rb', line 12

def self.krb5
  Krb5
end

.setup {|_self| ... } ⇒ Object

Supports setting KerberosAuthenticator up using a block.

Yields:

  • (_self)

Yield Parameters:

  • _self (KerberosAuthenticator)

# File 'lib/kerberos_authenticator.rb', line 17

def self.setup
  yield self
end