This post originated from an RSS feed registered with Ruby Buzz
by Daniel Berger.
Original Post: Forking krb5-auth
Feed Title: Testing 1,2,3...
Feed URL: http://djberg96.livejournal.com/data/rss
Feed Description: A blog on Ruby and other stuff.
A while back we decided to use a Kerberos authentication system at work. This is not only a superior approach to directly storing passwords in your users table (for various reasons I won't go into here), but it's also one way to implement single signon within your domain.
Unfortunately, the state of Ruby libraries for Kerberos was in a sad state. We found two Kerberos libraries for Ruby, but one is apparently no longer maintained, and the other (krb5-auth) needed some work. I was originally planning on just submitting some patches, but then realized it needed a total overhaul, not to mention some actual tests. Submitting patches and hoping for the best simply wasn't going to cut it.
So, I forked the project and got to work. Good thing I know C, eh? I'm one of the few people on the team that does. Anyway, I implemented several changes to the original source that include adding classes for admin functions, including the ability to create and delete principals, as well methods for finding and inspecting principals, keytabs and keytab entries.
Eventually I plan to release a completely separate version of this library with an updated interface, but we needed this now so that's going to have to wait a bit.
I just pushed out my own fork of the project today: gem install djberg96-krb5-auth
Previous Topic
