KeyDerivationInterceptor (ApacheDS Interceptors for Kerberos 2.0.0-M17 API)

java.lang.Object
- org.apache.directory.server.core.api.interceptor.BaseInterceptor
- - org.apache.directory.server.core.kerberos.KeyDerivationInterceptor

All Implemented Interfaces:

org.apache.directory.server.core.api.interceptor.Interceptor
```
public class KeyDerivationInterceptor
extends org.apache.directory.server.core.api.interceptor.BaseInterceptor
```
An Interceptor that creates symmetric Kerberos keys for users. When a 'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName' are used to derive Kerberos keys. If the 'userPassword' is the special keyword 'randomKey', a random key is generated and used as the Kerberos key.

Author:

Apache Directory Project

Field Summary
- Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor
  ACCESS_CONTROL_SUBENTRIES_AT, ADMINISTRATIVE_ROLE_AT, COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, COLLECTIVE_EXCLUSIONS_AT, CREATE_TIMESTAMP_AT, CREATORS_NAME_AT, directoryService, dnFactory, ENTRY_ACI_AT, ENTRY_CSN_AT, ENTRY_DN_AT, ENTRY_UUID_AT, MODIFIERS_NAME_AT, MODIFY_TIMESTAMP_AT, OBJECT_CLASS_AT, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager, SUBENTRY_ACI_AT, SUBSCHEMA_SUBENTRY_AT, SUBTREE_SPECIFICATION_AT, TRIGGER_EXECUTION_SUBENTRIES_AT, UNIQUE_MEMBER_AT

Constructor Summary

Constructors
Constructor and Description

KeyDerivationInterceptor()
Creates an instance of a KeyDerivationInterceptor.

Constructors
Constructor and Description
`KeyDerivationInterceptor()` Creates an instance of a KeyDerivationInterceptor.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`add(org.apache.directory.server.core.api.interceptor.context.AddOperationContext addContext)` Intercepts the addition of the 'userPassword' and 'krb5PrincipalName' attributes.
`void`	`init(org.apache.directory.server.core.api.DirectoryService directoryService)`
`void`	`modify(org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext modContext)` Intercept the modification of the 'userPassword' attribute.

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor
bind, compare, delete, destroy, getName, getNextInterceptor, getPrincipal, getRootDse, hasEntry, lookup, move, moveAndRename, next, next, next, next, next, next, next, next, next, next, next, next, next, rename, search, unbind

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - KeyDerivationInterceptor
```
public KeyDerivationInterceptor()
```
    Creates an instance of a KeyDerivationInterceptor.
- Method Detail
  - init
```
public void init(org.apache.directory.server.core.api.DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException
```
    Specified by:
    
    init in interface org.apache.directory.server.core.api.interceptor.Interceptor
    
    Overrides:
    
    init in class org.apache.directory.server.core.api.interceptor.BaseInterceptor
    
    Throws:
    
    org.apache.directory.api.ldap.model.exception.LdapException
  - add
```
public void add(org.apache.directory.server.core.api.interceptor.context.AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException
```
    Intercepts the addition of the 'userPassword' and 'krb5PrincipalName' attributes. Uses the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal. Set the key version number (kvno) to '0'.
    
    Specified by:
    
    add in interface org.apache.directory.server.core.api.interceptor.Interceptor
    
    Overrides:
    
    add in class org.apache.directory.server.core.api.interceptor.BaseInterceptor
    
    Throws:
    
    org.apache.directory.api.ldap.model.exception.LdapException
  - modify
```
public void modify(org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext modContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException
```
    Intercept the modification of the 'userPassword' attribute. Perform a lookup to check for an existing principal name and key version number (kvno). If a 'krb5PrincipalName' is not in the modify request, attempt to use an existing 'krb5PrincipalName' attribute. If a kvno exists, increment the kvno; otherwise, set the kvno to '0'. If both a 'userPassword' and 'krb5PrincipalName' can be found, use the 'userPassword' and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal. If the 'userPassword' is the special keyword 'randomKey', set random keys for the principal.
    
    Specified by:
    
    modify in interface org.apache.directory.server.core.api.interceptor.Interceptor
    
    Overrides:
    
    modify in class org.apache.directory.server.core.api.interceptor.BaseInterceptor
    
    Throws:
    
    org.apache.directory.api.ldap.model.exception.LdapException

Class KeyDerivationInterceptor

Field Summary

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

Constructor Summary

Method Summary

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

Methods inherited from class java.lang.Object

Constructor Detail

KeyDerivationInterceptor

Method Detail

init

add

modify