org.apache.directory.server.core.kerberos
Class KeyDerivationInterceptor
java.lang.Object
org.apache.directory.server.core.interceptor.BaseInterceptor
org.apache.directory.server.core.kerberos.KeyDerivationInterceptor
- All Implemented Interfaces:
- Interceptor
public class KeyDerivationInterceptor
- extends BaseInterceptor
An Interceptor that creates symmetric Kerberos keys for users. When a
'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName'
are used to derive Kerberos keys. If the 'userPassword' is the special keyword
'randomKey', a random key is generated and used as the Kerberos key.
- Version:
- $Rev$, $Date$
- Author:
- Apache Directory Project
- XBean
Field Summary |
static java.lang.String | NAME | The service name. |
Methods inherited from class org.apache.directory.server.core.interceptor.BaseInterceptor |
addContextPartition, bind, compare, delete, destroy, getContext, getMatchedName, getName, getPrincipal, getRootDSE, getSuffix, hasEntry, init, list, listSuffixes, lookup, move, moveAndRename, removeContextPartition, rename, search, unbind |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
NAME
public static final java.lang.String NAME
- The service name.
- See Also:
- Constant Field Values
KeyDerivationInterceptor
public KeyDerivationInterceptor()
add
public void add(NextInterceptor next, AddOperationContext addContext) throws java.lang.Exception
- Intercept the addition of the 'userPassword' and 'krb5PrincipalName' attributes. Use the 'userPassword'
and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is
the special keyword 'randomKey', set random keys for the principal. Set the key version number (kvno)
to '0'.
- Specified by:
add
in interface Interceptor
- Overrides:
add
in class BaseInterceptor
- Throws:
java.lang.Exception
modify
public void modify(NextInterceptor next, ModifyOperationContext modContext) throws java.lang.Exception
- Intercept the modification of the 'userPassword' attribute. Perform a lookup to check for an
existing principal name and key version number (kvno). If a 'krb5PrincipalName' is not in
the modify request, attempt to use an existing 'krb5PrincipalName' attribute. If a kvno
exists, increment the kvno; otherwise, set the kvno to '0'.
If both a 'userPassword' and 'krb5PrincipalName' can be found, use the 'userPassword' and
'krb5PrincipalName' attributes to derive Kerberos keys for the principal.
If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal.
- Specified by:
modify
in interface Interceptor
- Overrides:
modify
in class BaseInterceptor
- Throws:
java.lang.Exception
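The behaviour documented for add and modify above, as an added example that is not ApacheDS code: it uses the JDK's javax.security.auth.kerberos.KerberosKey for the string-to-key step, which salts the password with the principal name. The class and method names (KeyDerivationSketch, keyFor, nextKvno), the single AES256 encryption type, and the sample principals and passwords are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

public class KeyDerivationSketch {
    static final String RANDOM_KEY = "randomKey"; // special keyword from the Javadoc
    static final int AES256_ETYPE = 18;           // aes256-cts-hmac-sha1-96 (RFC 3962)

    /** kvno rule from modify(): increment an existing kvno, otherwise start at 0. */
    static int nextKvno(Integer existingKvno) {
        return existingKvno == null ? 0 : existingKvno + 1;
    }

    /** Key for one principal: random for 'randomKey', else derived from the password. */
    static KerberosKey keyFor(String krb5PrincipalName, String userPassword, int kvno) {
        KerberosPrincipal principal = new KerberosPrincipal(krb5PrincipalName);
        if (RANDOM_KEY.equals(userPassword)) {
            byte[] raw = new byte[32]; // AES-256 key length
            new SecureRandom().nextBytes(raw);
            return new KerberosKey(principal, raw, AES256_ETYPE, kvno);
        }
        // JDK string-to-key: the principal name (realm + components) is the salt.
        KerberosKey derived = new KerberosKey(principal, userPassword.toCharArray(), "AES256");
        // The password constructor fixes kvno at 0, so re-wrap with the wanted kvno.
        return new KerberosKey(principal, derived.getEncoded(), derived.getKeyType(), kvno);
    }

    public static void main(String[] args) {
        // Constructed sample principals and passwords.
        String pw = "s3cret-constructed";
        KerberosKey a0 = keyFor("hnelson@EXAMPLE.COM", pw, nextKvno(null));
        KerberosKey a0Again = keyFor("hnelson@EXAMPLE.COM", pw, 0);
        KerberosKey b0 = keyFor("ldap/host.example.com@EXAMPLE.COM", pw, 0);
        KerberosKey a1 = keyFor("hnelson@EXAMPLE.COM", "n3w-constructed",
                nextKvno(a0.getVersionNumber()));
        KerberosKey r1 = keyFor("krbtgt/EXAMPLE.COM@EXAMPLE.COM", RANDOM_KEY, 0);
        KerberosKey r2 = keyFor("krbtgt/EXAMPLE.COM@EXAMPLE.COM", RANDOM_KEY, 0);

        System.out.println("same inputs give same key: "
                + Arrays.equals(a0.getEncoded(), a0Again.getEncoded()));
        System.out.println("same password, other principal differs: "
                + !Arrays.equals(a0.getEncoded(), b0.getEncoded()));
        System.out.println("kvno after add / after modify: "
                + a0.getVersionNumber() + " / " + a1.getVersionNumber());
        System.out.println("randomKey values differ: "
                + !Arrays.equals(r1.getEncoded(), r2.getEncoded()));
    }
}
```

Because a password-derived key is a deterministic function of 'userPassword' and 'krb5PrincipalName', its strength is bounded by the password, which is why service principals are usually given 'randomKey' instead.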
Copyright © 2003-2011 Apache Software Foundation. All Rights Reserved.