{"id":37029062,"url":"https://github.com/ist-dsi/kadmin","last_synced_at":"2026-01-14T03:28:55.088Z","repository":{"id":57742583,"uuid":"46731068","full_name":"ist-dsi/kadmin","owner":"ist-dsi","description":"Kerberos Administration Interface (kadmin) for Scala","archived":false,"fork":false,"pushed_at":"2020-05-28T18:03:47.000Z","size":1489,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-04-17T05:19:32.419Z","etag":null,"topics":["kadmin","kerberos","library","sysadmin"],"latest_commit_sha":null,"homepage":"","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ist-dsi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-23T15:56:08.000Z","updated_at":"2021-11-29T09:50:45.000Z","dependencies_parsed_at":"2022-09-09T11:20:32.557Z","dependency_job_id":null,"html_url":"https://github.com/ist-dsi/kadmin","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/ist-dsi/kadmin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ist-dsi%2Fkadmin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ist-dsi%2Fkadmin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ist-dsi%2Fkadmin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ist-dsi%2Fkadmin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ist-dsi","download_url":"https://codeload.github.com/ist-dsi/kadmin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ist-dsi%2Fkadmin/sbom","scorecard":{"id":496260,"data":{"date":"2025-08-11","repo":{"name":"github.com/ist-dsi/kadmin","commit":"ee1c896115b62d7f5ae677a737cdfa6b1151e68f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: docker-kerberos/kdc-kadmin/Dockerfile:1: pin your Docker image by updating debian:9 to debian:9@sha256:c5c5200ff1e9c73ffbf188b4a67eb1c91531b644856b4aefe86a58d2f0cb05be","Warn: containerImage not pinned by hash: docker-kerberos/kerberos-client/Dockerfile:1","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T20:29:04.733Z","repository_id":57742583,"created_at":"2025-08-19T20:29:04.733Z","updated_at":"2025-08-19T20:29:04.733Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kadmin","kerberos","library","sysadmin"],"created_at":"2026-01-14T03:28:54.488Z","updated_at":"2026-01-14T03:28:55.075Z","avatar_url":"https://github.com/ist-dsi.png","language":"Scala","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kadmin [![license](http://img.shields.io/:license-MIT-blue.svg)](LICENSE)\n[![Scaladoc](http://javadoc-badge.appspot.com/pt.tecnico.dsi/kadmin_2.12.svg?label=scaladoc\u0026style=plastic\u0026maxAge=604800)](https://ist-dsi.github.io/kadmin/latest/api/pt/tecnico/dsi/kadmin/index.html)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/pt.tecnico.dsi/kadmin_2.12/badge.svg?maxAge=604800)](https://maven-badges.herokuapp.com/maven-central/pt.tecnico.dsi/kadmin_2.12)\n[![Dependency Status](https://www.versioneye.com/user/projects/5717b800fcd19a004544172f/badge.svg?style=flat-square)](https://www.versioneye.com/user/projects/5717b800fcd19a004544172f)\n[![Reference Status](https://www.versioneye.com/java/pt.tecnico.dsi:kadmin_2.12/reference_badge.svg?style=plastic\u0026maxAge=604800)](https://www.versioneye.com/java/pt.tecnico.dsi:kadmin_2.12/references)\n\n\n[![Build Status](https://travis-ci.org/ist-dsi/kadmin.svg?branch=master\u0026style=plastic\u0026maxAge=604800)](https://travis-ci.org/ist-dsi/kadmin)\n[![Codacy Badge](https://api.codacy.com/project/badge/coverage/a5fead3a55db40cd96470ed7a8efe9c5)](https://www.codacy.com/app/IST-DSI/kadmin)\n[![Codacy Badge](https://api.codacy.com/project/badge/grade/a5fead3a55db40cd96470ed7a8efe9c5)](https://www.codacy.com/app/IST-DSI/kadmin)\n[![BCH compliance](https://bettercodehub.com/edge/badge/ist-dsi/kadmin)](https://bettercodehub.com/)\n\nA type-safe wrapper around the kadmin command for Scala.\n\nIn the JVM there are no libraries to create or delete kerberos principals. This is due to the fact that Kerberos only offers\na C API, and interfacing with it via the Java Native Interface (JNI) can be a hard task to accomplish properly.\n\nWe solve the problem of Kerberos administration in JVM via the only other alternative: by launching the kadmin\ncommand and write to its standard input and read from its standard output.\nTo simplify this process we use [scala-expect](https://github.com/Lasering/scala-expect).\n\n[Latest scaladoc documentation](https://ist-dsi.github.io/kadmin/latest/api/pt/tecnico/dsi/kadmin/index.html)\n\n## Install\nAdd the following dependency to your `build.sbt`:\n```sbt\nlibraryDependencies += \"pt.tecnico.dsi\" %% \"kadmin\" % \"7.0.0\"\n```\nWe use [semantic versioning](http://semver.org).\n\n## Available kadmin commands\n - [Adding a principal](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@addPrincipal(options:String,principal:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Modifying a principal](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@modifyPrincipal(options:String,principal:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n   - [Expiring a principal](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@expirePrincipal(principal:String,expirationDateTime:pt.tecnico.dsi.kadmin.ExpirationDateTime):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n   - [Expiring the principal password](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@expirePrincipalPassword(principal:String,datetime:pt.tecnico.dsi.kadmin.ExpirationDateTime,force:Boolean):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Change the principal password](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@changePassword(principal:String,newPassword:Option[String],randKey:Boolean,salt:Option[String]):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Deleting a principal](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@deletePrincipal(principal:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Getting a principal](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@getPrincipal(principal:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,pt.tecnico.dsi.kadmin.Principal]])\n - [Checking a principal password](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@checkPassword(principal:String,password:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Adding a policy](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@addPolicy(options:String,policy:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Modifying a policy](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@modifyPolicy(options:String,policy:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Deleting a policy](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@deletePolicy(policy:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Boolean]])\n - [Getting a policy](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@getPolicy(policy:String):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,pt.tecnico.dsi.kadmin.Policy]])\n\nEvery command is idempotent except when changing either a password, a salt or a key.\n\nBesides the above kadmin commands the following functions are also available:\n\n - [`getFullPrincipalName`](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@getFullPrincipalName(principal:String):String) - returns the principal name with the realm, eg: kadmin/admin@EXAMPLE.COM.\n - [`doOperation`](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.Kadmin@doOperation[R](f:work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,R]]=\u003eUnit):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,R]]) - performs a kadmin command which will use password authentication or not according to the configuration, see below.\n - [`obtainTGT`](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.KadminUtils$@obtainTGT(options:String,principal:String,password:Option[String],keytab:Option[File]):work.martins.simon.expect.fluent.Expect[Either[pt.tecnico.dsi.kadmin.ErrorCase,Unit]]) - invokes `kinit` to obtain a ticket for a given principal. Authentication is either performed with a password or with a keytab.\n - [`listTickets`](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.KadminUtils$@listTickets(options:String):work.martins.simon.expect.fluent.Expect[Seq[pt.tecnico.dsi.kadmin.Ticket]]) - invokes `klist` to obtain the cached tickets.\n - [`destroyTickets`](https://ist-dsi.github.io/kadmin/latest/api/index.html#pt.tecnico.dsi.kadmin.KadminUtils$@destroyTickets(options:String):work.martins.simon.expect.fluent.Expect[Unit]) - invokes `kdestroy` to destroy the ticket cache.\n\n## Configurations\nKadmin uses [typesafe-config](https://github.com/typesafehub/config).\n\nThe [reference.conf](src/main/resources/reference.conf) file has the following keys:\n```scala\nkadmin {\n  realm = \"EXAMPLE.COM\"\n\n  principal = \"kadmin/admin\"\n  // If keytab is not empty \"command-keytab\" will be used.\n  // If password is not empty \"command-password\" will be used.\n  // If both keytab and password are not empty \"command-keytab\" will be used.\n  keytab = \"\"\n  password = \"\"\n  \n\n  // This is the command used to start kadmin.\n  // The literal string \"$FULL_PRINCIPAL\" will be replaced with s\"$principal@$realm\"\n  // The literal string \"$KEYTAB\" will be replaced with s\"$keytab\"\n  command-keytab = ${kadmin.command-password}\" -kt $KEYTAB\"\n  command-password = \"kadmin -p $FULL_PRINCIPAL\"\n\n  //The location to which keytabs will be generated to. Make sure this location:\n  // · is NOT volatile\n  // · is not world readable\n  // · the user running the application has permission to write and to read from it.\n  keytabs-location = \"/tmp\"\n\n  //Regex that matches against the kadmin command prompt\n  prompt = \"kadmin(.local)?: \"\n\n  # Kadmin will use as settings for scala-expect library those defined:\n  # 1) Here, directly under the path kadmin (these have precedence over the next ones).\n  # 2) On the same level as kadmin.\n  # IMPORTANT: if you set the log level of scala-expect to be info or higher the passwords of the principals will appear in the logs.\n  # be sure to set the log level to WARN in production.\n}\n```\n\nAlternatively you can pass your Config object to the kadmin constructor, or subclass the\n[Settings](https://ist-dsi.github.io/kadmin/latest/api/#pt.tecnico.dsi.kadmin.Settings) class for a mixed approach.\nThe scaladoc of the Settings class has examples explaining the different options.\n\n## How to test kadmin\nIn the project root run `./test.sh`. This script will run `docker-compose up` inside the docker-kerberos folder.\nBe sure to have [docker](https://docs.docker.com/engine/installation/) and [docker-compose](https://docs.docker.com/compose/install/) installed on your computer.\n\n## Note on the docker-kerberos folder\nThis folder is a [git fake submodule](http://debuggable.com/posts/git-fake-submodules:4b563ee4-f3cc-4061-967e-0e48cbdd56cb)\nto the [docker-kerberos repository](https://github.com/ist-dsi/docker-kerberos).\n\n## License\nkadmin is open source and available under the [MIT license](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fist-dsi%2Fkadmin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fist-dsi%2Fkadmin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fist-dsi%2Fkadmin/lists"}