From 9d5ee8d947433edd542ed441136d19e4f4033af4 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 19 Sep 2007 22:43:15 +0000 Subject: Implement unchanging support in the keytab object backend, which retrieves keytabs via remctl from the KDC. --- perl/Wallet/Config.pm | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'perl/Wallet/Config.pm') diff --git a/perl/Wallet/Config.pm b/perl/Wallet/Config.pm index 4bc8e2f..9a1f9db 100644 --- a/perl/Wallet/Config.pm +++ b/perl/Wallet/Config.pm @@ -170,6 +170,17 @@ client. =over 4 +=item KEYTAB_CACHE + +Specifies the ticket cache to use when retrieving existing keytabs from the +KDC. This is only used to implement support for the C flag. +The ticket cache must be for a principal with access to run C via remctl on KEYTAB_REMCTL_HOST. + +=cut + +our $KEYTAB_CACHE; + =item KEYTAB_FILE Specifies the keytab to use to authenticate to B. The principal 
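Review bot: The KEYTAB_CACHE entry does not say how the ticket cache should be protected or kept valid, even though it holds credentials that can retrieve existing keytabs from the KDC. I would add a sentence such as `The cache should be readable only by the account the wallet server runs as.` If the backend does not refresh the tickets itself (that code is not in this diff), I would also add `Something outside the wallet must keep this cache renewed, or retrieval will fail once the tickets expire.` It would also help to state that the principal should be authorized for nothing beyond that one remctl command. The `=over 4` list this item joins continues past the end of the hunk.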
@@ -245,6 +256,39 @@ default to the local realm. our $KEYTAB_REALM; +=item KEYTAB_REMCTL_HOST + +The host to which to connect with remctl to retrieve existing keytabs. This +is only used to implement support for the C flag. This host +must provide the C command and KEYTAB_CACHE must also be +set to a ticket cache for a principal with access to run that command. + +=cut + +our $KEYTAB_REMCTL_HOST; + +=item KEYTAB_REMCTL_PRINCIPAL + +The service principal to which to authenticate when retrieving existing +keytabs. This is only used to implement support for the C flag. +If this variable is not set, the default is formed by prepending C to +KEYTAB_REMCTL_HOST. (Note that KEYTAB_REMCTL_HOST is not lowercased first.) + +=cut + +our $KEYTAB_REMCTL_PRINCIPAL; + +=item KEYTAB_REMCTL_PORT + +The port on KEYTAB_REMCTL_HOST to which to connect with remctl to retrieve +existing keytabs. This is only used to implement support for the +C flag. If this variable is not set, the default remctl port +will be used. + +=cut + +our $KEYTAB_REMCTL_PORT; + =item KEYTAB_TMP A directory into which the wallet can write keytabs temporarily while -- cgit v1.2.3
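Review bot: The KEYTAB_REMCTL_PRINCIPAL default is built from KEYTAB_REMCTL_HOST exactly as written, and the parenthetical about lowercasing leaves the consequence unstated. Kerberos principal names are case-sensitive, so a host given in mixed case or as an alias can produce a service principal that is not the one the remctl server holds, and authenticating to that principal is what ties the connection to the intended host. I would extend the note to something like `Set KEYTAB_REMCTL_HOST to the lowercase fully-qualified name of the server, or set KEYTAB_REMCTL_PRINCIPAL explicitly.` The three entries also do not say what happens when KEYTAB_REMCTL_HOST is set without KEYTAB_CACHE. The code that reads these variables is outside this diff, so the failure mode should be documented here or confirmed there.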