Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/doriantaylor/p5-role-kerberos

Bolt-on Kerberos 5 ticket management
https://github.com/doriantaylor/p5-role-kerberos

Last synced: 24 days ago
JSON representation

Bolt-on Kerberos 5 ticket management

Host: GitHub
URL: https://github.com/doriantaylor/p5-role-kerberos
Owner: doriantaylor
License: apache-2.0
Created: 2015-12-13T21:37:43.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2018-09-13T21:58:50.000Z (over 6 years ago)
Last Synced: 2023-03-12T10:11:35.743Z (almost 2 years ago)
Language: Perl
Size: 17.6 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README
- Changelog: Changes
- License: LICENSE

Awesome Lists containing this project

README

NAME
Role::Kerberos - A role for managing Kerberos 5 credentials

VERSION
Version 0.02

SYNOPSIS
package My::Kerbject;

use Moo;
with 'Role::Kerberos';

has other_stuff => (
# ...
);

# go nuts...

# ...elsewhere:

package Somewhere::Else;

my $krb = My::Kerbject->new(
principal => '[email protected]',
keytab => '/etc/robot/creds.keytab',
ccache => '/var/lib/robot/krb5cc',
other_stuff => 'derp',
);

DESCRIPTION
Authen::Krb5 is kind of unwieldy. Authen::Krb5::Simple is too simple (no
keytabs). Authen::Krb5::Effortless requires too much effort (can't
specify keytabs/ccaches outside of environment variables) and
Authen::Krb5::Easy hasn't been touched in 13 years.

The purpose of this module is to enable you to strap onto an existing
Moo(se) object the functionality necessary to acquire and maintain a
Kerberos TGT. My own impetus for writing this module involves making
connections authenticated via Authen::SASL and GSSAPI where the keys
come from a keytab in a non-default location and the consistency of %ENV
is not reliable (that is, in a Web app).

METHODS
new %PARAMS
As with all roles, these parameters get integrated into your class's
constructor, and also serve as accessor methods. Every one is read-only,
and every one is optional except "principal".

realm
The default realm. Taken from the default principal, or otherwise
the system default realm if not defined.

principal
The default principal. Can (should) also contain a realm. If a realm
is missing from the principal, it will be added from "realm".
Coerced from a string into a "Authen::Krb5::Principal" in
Authen::Krb5 object. Required.

keytab
A keytab, if other than $ENV{KRB5_KTNAME}. Will default to that or
the system default (e.g. "/etc/krb5.keytab"). Coerced from a file
path into an "Authen::Krb5::Keytab" in Authen::Krb5 object.

password
The password for the default principal. Don't use this. Use a
keytab.

ccache
The locator (e.g. file path) of a credential cache, if different
from $ENV{KRB5CCNAME} or the system default. Coerced into an
"Authen::Krb5::Ccache" in Authen::Krb5 object.

kinit %PARAMS
Log in to Kerberos. Parameters are optional.

principal
The principal, if different from that in the constructor.

realm
The realm, if different from that in the constructor. Ignored if the
principal contains a realm.

password
The Kerberos password, if logging in with a password. (See
Term::ReadPassword for a handy way of ingesting a password from the
command line.)

keytab
A keytab, if different from that in the constructor or
$ENV{KRB5_KTNAME}. Will be coerced from a file name.

service
A service principal, if different from "krbtgt/REALM@REALM".

klist %PARAMS
kexpired
Returns true if any tickets in the cache are expired.

kdestroy
Destroy the credentials cache (if there is something to destroy).

AUTHOR
Dorian Taylor, ""