GSSAuthenticator (Apache Mina SSHD

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.sshd.server.auth.gss
Class GSSAuthenticator

java.lang.Object
  org.apache.sshd.server.auth.gss.GSSAuthenticator

public class GSSAuthenticator
extends java.lang.Object
extends java.lang.Object

Class providing basic GSS authentication services. Can be used as-is, but is often extended to provide environment specific implementations.

Author:: Richard Evans

Constructor Summary
`GSSAuthenticator()`

Method Summary
`org.ietf.jgss.GSSCredential`	`getGSSCredential(org.ietf.jgss.GSSManager mgr)` Overridable method to get GSS accept credential suitable for the current environment.
`org.ietf.jgss.GSSManager`	`getGSSManager()` Overridable method to get GSS manager suitable for current environment.
`void`	`setKeytabFile(java.lang.String keytabFile)` Set the location of the Kerberos keytab.
`void`	`setServicePrincipalName(java.lang.String servicePrincipalName)` Set the service principal name to be used.
`boolean`	`validateIdentity(ServerSession session, java.lang.String identity)` Validate the source identity obtained from the context after negotiation is complete.
`boolean`	`validateInitialUser(ServerSession session, java.lang.String user)` Validate the user name passed in the initial SSH_MSG_USERAUTH_REQUEST message.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

GSSAuthenticator

public GSSAuthenticator()

Method Detail

getGSSManager

public org.ietf.jgss.GSSManager getGSSManager()

Overridable method to get GSS manager suitable for current environment.

Returns:: A new manager

getGSSCredential

public org.ietf.jgss.GSSCredential getGSSCredential(org.ietf.jgss.GSSManager mgr)
                                             throws java.net.UnknownHostException,
                                                    javax.security.auth.login.LoginException,
                                                    org.ietf.jgss.GSSException

Overridable method to get GSS accept credential suitable for the current environment. The default implementation uses a Kerberos key table.

Parameters:: mgr - The GSS manager
Returns:: The credential; if the result is null gssapi authentication fails immediately
Throws:: java.net.UnknownHostException - If the local host name could not be determined; javax.security.auth.login.LoginException - If the subject could not be found; org.ietf.jgss.GSSException - If the credential could not be obtained

validateInitialUser

public boolean validateInitialUser(ServerSession session,
                                   java.lang.String user)

Validate the user name passed in the initial SSH_MSG_USERAUTH_REQUEST message. This is sort of mandated by RFC 4462, but it may be more useful to wait for the GSS negotiation to complete. The default implementation here always succeeds.

Parameters:: session - The current session; user - The user name from the initial request
Returns:: true if the user is valid, false if invalid

validateIdentity

public boolean validateIdentity(ServerSession session,
                                java.lang.String identity)

Validate the source identity obtained from the context after negotiation is complete. The default implementation here always succeeds.

Parameters:: session - The current session; identity - The identity from the GSS context
Returns:: true if the identity is valid, false if invalid

setServicePrincipalName

public void setServicePrincipalName(java.lang.String servicePrincipalName)

Set the service principal name to be used. The default is host/hostname.

Parameters:: servicePrincipalName - The principal name

setKeytabFile

public void setKeytabFile(java.lang.String keytabFile)

Set the location of the Kerberos keytab. The default is defined by the JRE.

Parameters:: keytabFile - The location of the keytab