org.apache.directory.server.core.kerberos
Class KeyDerivationInterceptor

java.lang.Object
  extended by org.apache.directory.server.core.interceptor.BaseInterceptor
      extended by org.apache.directory.server.core.kerberos.KeyDerivationInterceptor
All Implemented Interfaces:
Interceptor

public class KeyDerivationInterceptor
extends BaseInterceptor

An Interceptor that creates symmetric Kerberos keys for users. When a 'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName' are used to derive Kerberos keys. If the 'userPassword' is the special keyword 'randomKey', a random key is generated and used as the Kerberos key.

Author:
Apache Directory Project
XBean

Field Summary
static java.lang.String NAME
          The service name.
 
Constructor Summary
KeyDerivationInterceptor()
           
 
Method Summary
 void add(NextInterceptor next, AddOperationContext addContext)
          Intercept the addition of the 'userPassword' and 'krb5PrincipalName' attributes.
 void modify(NextInterceptor next, ModifyOperationContext modContext)
          Intercept the modification of the 'userPassword' attribute.
 
Methods inherited from class org.apache.directory.server.core.interceptor.BaseInterceptor
addContextPartition, bind, compare, delete, destroy, getContext, getMatchedName, getName, getPrincipal, getRootDSE, getSuffix, hasEntry, init, list, listSuffixes, lookup, move, moveAndRename, removeContextPartition, rename, search, unbind
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NAME

public static final java.lang.String NAME
The service name.

See Also:
Constant Field Values
Constructor Detail

KeyDerivationInterceptor

public KeyDerivationInterceptor()
Method Detail

add

public void add(NextInterceptor next,
                AddOperationContext addContext)
         throws java.lang.Exception
Intercept the addition of the 'userPassword' and 'krb5PrincipalName' attributes. Use the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal. Set the key version number (kvno) to '0'.

Specified by:
add in interface Interceptor
Overrides:
add in class BaseInterceptor
Throws:
java.lang.Exception

modify

public void modify(NextInterceptor next,
                   ModifyOperationContext modContext)
            throws java.lang.Exception
Intercept the modification of the 'userPassword' attribute. Perform a lookup to check for an existing principal name and key version number (kvno). If a 'krb5PrincipalName' is not in the modify request, attempt to use an existing 'krb5PrincipalName' attribute. If a kvno exists, increment the kvno; otherwise, set the kvno to '0'. If both a 'userPassword' and 'krb5PrincipalName' can be found, use the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal.

Specified by:
modify in interface Interceptor
Overrides:
modify in class BaseInterceptor
Throws:
java.lang.Exception
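
The modify flow described above, as an added sketch written for this page and not taken from ApacheDS. It uses the JDK's javax.security.auth.kerberos.KerberosKey for the password-to-key step and assumes a single AES128 key; the class RekeySketch, the rekey helper and the sample principals are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

// Added illustration, not ApacheDS code. All names here are hypothetical.
public class RekeySketch {
    static final String RANDOM_KEY = "randomKey"; // special keyword from the Javadoc
    static final int AES128_ETYPE = 17;           // aes128-cts-hmac-sha1-96 (assumed key type)

    /**
     * storedPrincipal / storedKvno: values already on the entry, or null.
     * requestPrincipal: krb5PrincipalName carried in the modify request, or null.
     * Returns the new key, or null when no principal name or password is available.
     */
    static KerberosKey rekey(String storedPrincipal, Integer storedKvno,
                             String requestPrincipal, String newPassword) {
        // Prefer the name in the request, fall back to the one already stored.
        String name = requestPrincipal != null ? requestPrincipal : storedPrincipal;
        if (name == null || newPassword == null) {
            return null; // both values are needed before any key is derived
        }
        // Existing kvno is incremented; a principal without one starts at 0.
        int kvno = storedKvno != null ? storedKvno + 1 : 0;
        KerberosPrincipal principal = new KerberosPrincipal(name);
        if (RANDOM_KEY.equals(newPassword)) {
            byte[] raw = new byte[16]; // AES-128 key length
            new SecureRandom().nextBytes(raw);
            return new KerberosKey(principal, raw, AES128_ETYPE, kvno);
        }
        // JDK string-to-key: the principal name supplies the salt.
        KerberosKey derived = new KerberosKey(principal, newPassword.toCharArray(), "AES128");
        return new KerberosKey(principal, derived.getEncoded(), derived.getKeyType(), kvno);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        KerberosKey first = rekey(null, null, "alice@EXAMPLE.COM", "s3cret");
        KerberosKey rotated = rekey("alice@EXAMPLE.COM", first.getVersionNumber(), null, "s3cret2");
        KerberosKey other = rekey(null, null, "bob@EXAMPLE.COM", "s3cret");
        System.out.println("kvno for new principal: " + first.getVersionNumber());
        System.out.println("kvno after password change: " + rotated.getVersionNumber());
        System.out.println("same password, different principal, same key? "
                + Arrays.equals(first.getEncoded(), other.getEncoded()));
        System.out.println("randomKey kvno: "
                + rekey("svc/host@EXAMPLE.COM", 3, null, RANDOM_KEY).getVersionNumber());
    }
}
```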


Copyright © 2003-2011 Apache Software Foundation. All Rights Reserved.