MySQL 8.0.40
Source Code Documentation
auth_ldap_client_kerberos_context::Kerberos Class Reference

#include <auth_ldap_kerberos.h>

Public Member Functions

 Kerberos (const char *user, const char *password)
 
 ~Kerberos ()
 
bool obtain_store_credentials ()
 
bool get_user_name (std::string *name)
 This function retrieves the default principal from the Kerberos configuration and parses the user name from it.
 
void destroy_credentials ()
 
void get_ldap_host (std::string &host)
 This function gets LDAP host from krb5.conf file.
 

Private Member Functions

bool setup ()
 This function creates the Kerberos context and initializes the credentials cache and user principal.
 
void cleanup ()
 This function frees the Kerberos context, credentials, credentials cache and user principal.
 
void log (int error_code)
 
krb5_error_code store_credentials ()
 
krb5_error_code obtain_credentials ()
 
bool credential_valid ()
 
bool get_kerberos_config ()
 This method gets Kerberos profile settings from the krb5.conf file.
 

Private Attributes

bool m_initialized
 
std::string m_user
 
std::string m_password
 
std::string m_ldap_server_host
 
bool m_destroy_tgt
 
krb5_context m_context
 
krb5_ccache m_krb_credentials_cache
 
krb5_creds m_credentials
 
bool m_credentials_created
 

Constructor & Destructor Documentation

◆ Kerberos()

auth_ldap_client_kerberos_context::Kerberos::Kerberos ( const char *  user,
const char *  password 
)

◆ ~Kerberos()

auth_ldap_client_kerberos_context::Kerberos::~Kerberos ( )

Member Function Documentation

◆ cleanup()

void auth_ldap_client_kerberos_context::Kerberos::cleanup ( )
private

This function frees the Kerberos context, credentials, credentials cache and user principal.

◆ credential_valid()

bool auth_ldap_client_kerberos_context::Kerberos::credential_valid ( )
private

◆ destroy_credentials()

void auth_ldap_client_kerberos_context::Kerberos::destroy_credentials ( )

◆ get_kerberos_config()

bool auth_ldap_client_kerberos_context::Kerberos::get_kerberos_config ( )
private

This method gets Kerberos profile settings from the krb5.conf file.

Sample krb5.conf file format may be like this:

[realms]
    MEM.LOCAL = {
        kdc = VIKING67.MEM.LOCAL
        admin_server = VIKING67.MEM.LOCAL
        default_domain = MEM.LOCAL
    }

This portion is optional

[appdefaults]
    mysql = {
        ldap_server_host = ldap_host.oracle.com
        ldap_destroy_tgt = true
    }

kdc: The name or address of a host running a KDC for that realm. An optional port number, separated from the hostname by a colon, may be included. If the name or address contains colons (for example, if it is an IPv6 address), enclose it in square brackets to distinguish the colon from a port separator.

For example: kdchost.example.com:88

Details from: https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html

Host information is used by the LDAP SASL client API during initialization. The LDAP SASL API doesn't need port information, and the port is not used anywhere.
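
An added example, not taken from the MySQL source: one way to reduce a kdc value to the bare host described above, dropping the optional port and honouring the square-bracket rule for addresses that contain colons. The helper names kdc_host and is_port are hypothetical, and rejecting an unbracketed address with several colons is this example's choice.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// True when s is a non-empty run of decimal digits (a port number).
static bool is_port(const std::string &s) {
  if (s.empty()) return false;
  for (std::size_t i = 0; i < s.size(); ++i)
    if (!std::isdigit(static_cast<unsigned char>(s[i]))) return false;
  return true;
}

// Hypothetical helper: writes the host part of a "kdc" value to *host.
// Returns false for malformed input, leaving *host untouched.
bool kdc_host(const std::string &value, std::string *host) {
  const char *ws = " \t";
  const std::size_t first = value.find_first_not_of(ws);
  if (first == std::string::npos) return false;  // empty or blank value
  const std::string v =
      value.substr(first, value.find_last_not_of(ws) - first + 1);

  if (v[0] == '[') {
    // Bracketed form: colons before ']' belong to the address.
    const std::size_t close = v.find(']');
    if (close == std::string::npos || close == 1) return false;
    const std::string rest = v.substr(close + 1);
    if (!rest.empty() && (rest[0] != ':' || !is_port(rest.substr(1))))
      return false;  // only ":port" may follow ']'
    *host = v.substr(1, close - 1);
    return true;
  }

  const std::size_t colon = v.find(':');
  if (colon == std::string::npos) {  // plain host, no port
    *host = v;
    return true;
  }
  // Unbracketed value with a colon: must be exactly "host:port". A second
  // colon (unbracketed IPv6) fails is_port and is rejected as ambiguous.
  if (colon == 0 || !is_port(v.substr(colon + 1))) return false;
  *host = v.substr(0, colon);
  return true;
}
```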

◆ get_ldap_host()

void auth_ldap_client_kerberos_context::Kerberos::get_ldap_host ( std::string &  host)

This function gets LDAP host from krb5.conf file.

◆ get_user_name()

bool auth_ldap_client_kerberos_context::Kerberos::get_user_name ( std::string *  name)

This function retrieves the default principal from the Kerberos configuration and parses the user name from it.

If the user name has not been provided in the MySQL client, this method can be used to get the user name and use it for authentication.

Return values
true   Successfully able to get user name.
false  Failed to get user name.

◆ log()

void auth_ldap_client_kerberos_context::Kerberos::log ( int  error_code)
private

◆ obtain_credentials()

krb5_error_code auth_ldap_client_kerberos_context::Kerberos::obtain_credentials ( )
private

◆ obtain_store_credentials()

bool auth_ldap_client_kerberos_context::Kerberos::obtain_store_credentials ( )
  1. This function authenticates with the Kerberos server.
  2. If TGT destroy is false, this function stores the TGT in the Kerberos cache for subsequent usage.
  3. If user credentials already exist in the cache, it doesn't attempt to get them again.
Return values
true   Successfully able to obtain and store credentials.
false  Failed to obtain and store credentials.

◆ setup()

bool auth_ldap_client_kerberos_context::Kerberos::setup ( )
private

This function creates the Kerberos context and initializes the credentials cache and user principal.

Return values
true   All the required Kerberos objects like context, credentials cache and user principal are initialized correctly.
false  Required Kerberos objects failed to initialize.

◆ store_credentials()

krb5_error_code auth_ldap_client_kerberos_context::Kerberos::store_credentials ( )
private

Member Data Documentation

◆ m_context

krb5_context auth_ldap_client_kerberos_context::Kerberos::m_context
private

◆ m_credentials

krb5_creds auth_ldap_client_kerberos_context::Kerberos::m_credentials
private

◆ m_credentials_created

bool auth_ldap_client_kerberos_context::Kerberos::m_credentials_created
private

◆ m_destroy_tgt

bool auth_ldap_client_kerberos_context::Kerberos::m_destroy_tgt
private

◆ m_initialized

bool auth_ldap_client_kerberos_context::Kerberos::m_initialized
private

◆ m_krb_credentials_cache

krb5_ccache auth_ldap_client_kerberos_context::Kerberos::m_krb_credentials_cache
private

◆ m_ldap_server_host

std::string auth_ldap_client_kerberos_context::Kerberos::m_ldap_server_host
private

◆ m_password

std::string auth_ldap_client_kerberos_context::Kerberos::m_password
private

◆ m_user

std::string auth_ldap_client_kerberos_context::Kerberos::m_user
private

The documentation for this class was generated from the following files: