[EMAIL PROTECTED] replied to [EMAIL PROTECTED]: ... > CV> -Is there any API interface (java, c,any other language) to > CV> perform administrative operations? (add a principal, change a > CV> password, delete a principal) > > > CV> We must perform automatic provisioning via a web application (jsp) > CV> so it seems to be not a good solution using the kadmin command via > CV> System Calls. > > CV> The KDC is the MIT's one > > http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm > > CV> Thank you in advance.
The perl module is probably the best available at present. Recent versions of MIT kerberos should also export a C callable api for kadm5. With older versions of MIT this was also possible, but required extracting bits from built source for MIT k5. If you feel like experimenting, this may help, http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html There are also possibilities with java. I've got a java library that will do this, which I hope to make generally available shortly. It's undergoing review and final feature development right now. It uses jni and calls into gssrpc. A future version could be pure java, but that wasn't feasible right off. If you want a different java answer - opensolaris has a java library built into its source. It uses jni and calls into kadm5. Note CDDL licensing. Here's how to fetch a copy, do this, < find a filesystem with lots of space on a machine with mercurial > hg clone ssh://[EMAIL PROTECTED]/hg/onnv/onnv-gate then look here: onnv-gate/usr/src/OPENSOLARIS.LICENSE onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java for more on solaris, http://opensolaris.org/os/project/onnv/ You will probably have to work out your own build procedure. We didn't go with that for various reasons, but maybe it can meet your needs. -Marcus Watts ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
