org.apache.directory.server.core.kerberos

Class KeyDerivationInterceptor

java.lang.Object

org.apache.directory.server.core.api.interceptor.BaseInterceptor

org.apache.directory.server.core.kerberos.KeyDerivationInterceptor

All Implemented Interfaces:

Interceptor

public class KeyDerivationInterceptor
extends BaseInterceptor

An Interceptor that creates symmetric Kerberos keys for users. When a 'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName' are used to derive Kerberos keys. If the 'userPassword' is the special keyword 'randomKey', a random key is generated and used as the Kerberos key.

Author:

Apache Directory Project

Field Summary

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors

Constructor and Description
KeyDerivationInterceptor() Creates an instance of a KeyDerivationInterceptor.

Method Summary

Modifier and Type	Method and Description
void	add(AddOperationContext addContext) Intercepts the addition of the 'userPassword' and 'krb5PrincipalName' attributes.
void	init(DirectoryService directoryService) This method does nothing by default.
void	modify(ModifyOperationContext modContext) Intercept the modification of the 'userPassword' attribute.

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

bind, compare, delete, destroy, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, lookup, move, moveAndRename, next, next, next, next, next, next, next, next, next, next, next, next, next, rename, search, unbind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyDerivationInterceptor

public KeyDerivationInterceptor()

Creates an instance of a KeyDerivationInterceptor.

Method Detail

init

public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException

This method does nothing by default.

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

add

public void add(AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException

Intercepts the addition of the 'userPassword' and 'krb5PrincipalName' attributes. Uses the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal. Set the key version number (kvno) to '0'.

Specified by:

add in interface Interceptor

Overrides:

add in class BaseInterceptor

Parameters:

addContext - The AddOperationContext instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we had some error while processing the Add operation

modify

public void modify(ModifyOperationContext modContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Intercept the modification of the 'userPassword' attribute. Perform a lookup to check for an existing principal name and key version number (kvno). If a 'krb5PrincipalName' is not in the modify request, attempt to use an existing 'krb5PrincipalName' attribute. If a kvno exists, increment the kvno; otherwise, set the kvno to '0'. If both a 'userPassword' and 'krb5PrincipalName' can be found, use the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException