private static void requestTicket(String principal, KOptions ktOptions) throws Exception { ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal); // If not request tickets by keytab than by password. if (!ktOptions.contains(KinitOption.USE_KEYTAB)) { ktOptions.add(KinitOption.USE_PASSWD); String password = getPassword(principal); ktOptions.add(KinitOption.USER_PASSWD, password); } KrbClient krbClient = getClient(); TgtTicket tgt = krbClient.requestTgtWithOptions(ToolUtil.convertOptions(ktOptions)); if (tgt == null) { System.err.println("Requesting TGT failed"); return; } File ccacheFile; if (ktOptions.contains(KrbOption.KRB5_CACHE)) { String ccacheName = ktOptions.getStringOption(KrbOption.KRB5_CACHE); ccacheFile = new File(ccacheName); } else { String ccacheName = principal.replaceAll("/", "_"); ccacheName = "krb5_" + ccacheName + ".cc"; ccacheFile = new File(SysUtil.getTempDir(), ccacheName); } krbClient.storeTicket(tgt, ccacheFile); System.out.println( "Successfully requested and stored ticket in " + ccacheFile.getAbsolutePath()); }
/** * Modify the principal with KOptions. * * @param identity The identity to be modified * @param kOptions The KOptions with changed principal info * @throws KrbException */ static void updateIdentity(KrbIdentity identity, KOptions kOptions) { if (kOptions.contains(KadminOption.EXPIRE)) { Date date = kOptions.getDateOption(KadminOption.EXPIRE); identity.setExpireTime(new KerberosTime(date.getTime())); } if (kOptions.contains(KadminOption.DISABLED)) { identity.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED, false)); } if (kOptions.contains(KadminOption.LOCKED)) { identity.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED, false)); } }
/** * Create principal. * * @param principal The principal name to be created * @param kOptions The KOptions with principal info */ static KrbIdentity createIdentity(String principal, KOptions kOptions) throws KrbException { KrbIdentity kid = new KrbIdentity(principal); kid.setCreatedTime(KerberosTime.now()); if (kOptions.contains(KadminOption.EXPIRE)) { Date date = kOptions.getDateOption(KadminOption.EXPIRE); kid.setExpireTime(new KerberosTime(date.getTime())); } else { kid.setExpireTime(new KerberosTime(253402300799900L)); } if (kOptions.contains(KadminOption.KVNO)) { kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO)); } else { kid.setKeyVersion(1); } kid.setDisabled(false); kid.setLocked(false); return kid; }