Java AFS Admin API v1.3

org.openafs.jafsadm
Class K5User

java.lang.Object
  |
  +--org.openafs.jafsadm.K5User

public class K5User
extends Object

An abstract representation of an AFS Kerberos V user.

This document should be considered a preliminary draft posted for the purpose of feedback and should not be considered a functional API document.

The members of this class are strictly modeled after the kadmin command.



Version:
1.0, 3/31/02

Constructor Summary
K5User(String name, Cell cell)
          Constructs a new K5User object instance given the name of the AFS user and the AFS cell, represented by cell, to which it belongs.
K5User(String name, Cell cell, K5PasswordPolicy passwordPolicy)
          Constructs a new K5User object instance given the name of the AFS user and the AFS cell, represented by cell, to which it belongs and the Kerberos 5 Password Policy to be applied.
 
Method Summary
 boolean allowsDuplicateSessionKey()
          K5 Attribute: Tests if this principal is allowed to obtain a session key for another user.
 boolean allowsForwardableTickets()
          K5 Attribute: Tests if this principal is allowed to obtain forwardable tickets.
 boolean allowsPostDatedTickets()
          K5 Attribute: Tests if this principal is allowed to obtain postdated tickets.
 boolean allowsProxiableTickets()
          K5 Attribute: Tests if this principal is allowed to obtain proxiable tickets.
 boolean allowsRenewableTickets()
          K5 Attribute: Tests if this principal is allowed to obtain renewable tickets.
 boolean allowsServiceTickets()
          K5 Attribute: Tests if this principal is allowed to obtain service tickets.
 boolean canChangePassword()
          K5: Returns whether or not the user can change their password
 int compareTo(K5User user)
          Compares two K5User objects respective to their names and does not factor any other attribute.
 int compareTo(Object obj)
          Comparable interface method.
 void create(String password)
          Creates the Kerberos 5 entries for a new user in this cell.
 void delete()
          Deletes the K5 entries for a user in this cell.
 boolean equals(K5User otherUser)
          Tests whether two K5User objects are equal, based on their names.
 Cell getCell()
          Returns the Cell/Realm this user belongs to.
 int getFailLoginCount()
          K5: Returns the number of failed login attempts this user is allowed before being locked out.
 int getKeyVersion()
          K5: Returns the version of the user's key.
 GregorianCalendar getLastChangePasswordDate()
          K5: Returns the last date and time the user changed its password.
 GregorianCalendar getLastModDate()
          K5: Returns the date and time the user was last modified.
 String getLastModName()
          K5: Returns the name of the user that last modified this user.
 int getMasterKeyVersion()
          K5: Returns the master key version of this user.
 int getMaxRenewableLife()
          K5: Returns the maximum renewable life of this user.
 int getMaxTicketLifetime()
          K5: Returns the maximum lifetime of a ticket issued to this user (in seconds).
 String getName()
          Returns the name of this user.
 GregorianCalendar getPasswordExpirationDate()
          K5: Returns the date and time the password expires.
 K5PasswordPolicy getPasswordPolicy()
          K5: Returns the password policy assigned to this user.
 int getSaltType()
          K5: Returns the specified salt for generating the key.
 GregorianCalendar getUserExpirationDate()
          K5: Returns the date and time the user expires.
 boolean requiresHardwareAuth()
          K5 Attribute: Tests if this principal is required to preauthenticate using a hardware device before being allowed to kinit.
 boolean requiresPasswordChange()
          K5 Attribute: Flag in attributes field to force a password change.
 boolean requiresPreAuth()
          K5 Attribute: Tests if this principal is required to preauthenticate before being allowed to kinit.
 void setChangePassword(boolean setting)
          K5: Sets whether or not the user can change their password
 void setDuplicateSessionKey(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining a session key for another user.
 void setFailLoginCount(int logins)
          K5: Sets the number of failed login attempts this user is allowed before being locked out.
 void setForwardableTickets(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining forwardable tickets.
 void setGrantTickets(boolean setting)
          K5: Sets whether or not TGS will issue tickets for this K5User
 void setHardwareAuth(boolean flag)
          K5: Sets attribute to require this principal to preauthenticate using a hardware device before being allowed to kinit, if flag is true.
 void setMaxTicketLifetime(int seconds)
          K5: Sets the maximum lifetime of a ticket issued to this user (in seconds).
 void setPassword(String newPassword)
          Sets the password of this user to something new.
 void setPasswordChange(boolean flag)
          K5: Sets attribute to force a password change for this principal, if flag is true.
 void setPasswordExpiration(GregorianCalendar expirationDate)
          K5: Sets the date and time the password expires.
 void setPasswordPolicy(K5PasswordPolicy policy)
          K5: Sets the password policy for this user.
 void setPostDatedTickets(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining postdated tickets.
 void setPreAuth(boolean flag)
          K5: Sets attribute to require this principal to preauthenticate before being allowed to kinit, if flag is true.
 void setProxiableTickets(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining proxiable tickets.
 void setRenewableTickets(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining renewable tickets.
 void setSaltType(int type)
          K5: Sets the specified salt for generating the key.
 void setServiceTickets(boolean flag)
          K5: Sets attribute to allow/deny this principal from obtaining service tickets.
 void setUserExpiration(GregorianCalendar expirationDate)
          K5: Sets the date and time the user expires.
 String toString()
          Returns the name of this User
 boolean willGrantTickets()
          K5: Returns whether or not TGS will issue tickets for this user
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

K5User

public K5User(String name,
              Cell cell)
       throws AFSAdminException
Constructs a new K5User object instance given the name of the AFS user and the AFS cell, represented by cell, to which it belongs.
Parameters:
name - the name of the user to represent
cell - the cell to which the user belongs.
Throws:
AFSAdminException - If an error occurs in the native code

K5User

public K5User(String name,
              Cell cell,
              K5PasswordPolicy passwordPolicy)
       throws AFSAdminException
Constructs a new K5User object instance given the name of the AFS user and the AFS cell, represented by cell, to which it belongs and the Kerberos 5 Password Policy to be applied.
Parameters:
name - the name of the user to represent
cell - the cell to which the user belongs.
passwordPolicy - the K5 password policy to be applied to this user.
Throws:
AFSAdminException - If an error occurs in the native code

Method Detail

create

public void create(String password)
            throws AFSAdminException
Creates the Kerberos 5 entries for a new user in this cell. Automatically assigns a user id. Be sure to call refreshUsers afterward to update this Cell's user list.
Parameters:
password - the password for the new user
Throws:
AFSAdminException - If an error occurs in the native code

delete

public void delete()
            throws AFSAdminException
Deletes the K5 entries for a user in this cell. Deletes this user from the membership list of the groups to which it belonged, but does not delete the groups owned by this user. Also nullifies this corresponding Java object.
Throws:
AFSAdminException - If an error occurs in the native code

getName

public String getName()
Returns the name of this user.
Returns:
the name of this user

getCell

public Cell getCell()
Returns the Cell/Realm this user belongs to.
Returns:
the Cell this user belongs to

willGrantTickets

public boolean willGrantTickets()
                         throws AFSAdminException
K5: Returns whether or not TGS will issue tickets for this user
Returns:
whether or not TGS will issue tickets for this user
Throws:
AFSAdminException - If an error occurs in the native code

canChangePassword

public boolean canChangePassword()
                          throws AFSAdminException
K5: Returns whether or not the user can change their password
Returns:
whether or not the user can change their password
Throws:
AFSAdminException - If an error occurs in the native code

getUserExpirationDate

public GregorianCalendar getUserExpirationDate()
                                        throws AFSAdminException
K5: Returns the date and time the user expires. A null value indicates the user never expires (or that there is no K5 entry for this user).
Returns:
the date and time the user expires
Throws:
AFSAdminException - If an error occurs in the native code

getLastModDate

public GregorianCalendar getLastModDate()
                                 throws AFSAdminException
K5: Returns the date and time the user was last modified.
Returns:
the date and time the user was last modified
Throws:
AFSAdminException - If an error occurs in the native code

getLastModName

public String getLastModName()
                      throws AFSAdminException
K5: Returns the name of the user that last modified this user.
Returns:
the name of the user that last modified this user.
Throws:
AFSAdminException - If an error occurs in the native code

getLastChangePasswordDate

public GregorianCalendar getLastChangePasswordDate()
                                            throws AFSAdminException
K5: Returns the last date and time the user changed its password.
Returns:
the last date and time the user changed its password.
Throws:
AFSAdminException - If an error occurs in the native code

getMaxTicketLifetime

public int getMaxTicketLifetime()
                         throws AFSAdminException
K5: Returns the maximum lifetime of a ticket issued to this user (in seconds).
Returns:
the maximum lifetime of a ticket issued to this user (in seconds).
Throws:
AFSAdminException - If an error occurs in the native code

getPasswordPolicy

public K5PasswordPolicy getPasswordPolicy()
                                   throws AFSAdminException
K5: Returns the password policy assigned to this user.
Returns:
the password policy assigned to this user.
Throws:
AFSAdminException - If an error occurs in the native code

getPasswordExpirationDate

public GregorianCalendar getPasswordExpirationDate()
                                            throws AFSAdminException
K5: Returns the date and time the password expires. A null value indicates the password never expires (or that there is no K5 entry for this user).
Returns:
the date and time the password expires
Throws:
AFSAdminException - If an error occurs in the native code

getFailLoginCount

public int getFailLoginCount()
                      throws AFSAdminException
K5: Returns the number of failed login attempts this user is allowed before being locked out. A value of 0 indicates there is no limit.
Returns:
the number of failed login attempts a user is allowed
Throws:
AFSAdminException - If an error occurs in the native code

getMasterKeyVersion

public int getMasterKeyVersion()
                        throws AFSAdminException
K5: Returns the master key version of this user.
Returns:
the master key version
Throws:
AFSAdminException - If an error occurs in the native code

getKeyVersion

public int getKeyVersion()
                  throws AFSAdminException
K5: Returns the version of the user's key.
Returns:
the key version
Throws:
AFSAdminException - If an error occurs in the native code

getMaxRenewableLife

public int getMaxRenewableLife()
                        throws AFSAdminException
K5: Returns the maximum renewable life of this user.
Returns:
the maximum renewable life of this user.
Throws:
AFSAdminException - If an error occurs in the native code

getSaltType

public int getSaltType()
                throws AFSAdminException
K5: Returns the specified salt for generating the key.
Returns:
the salt type used for generating the key
Throws:
AFSAdminException - If an error occurs in the native code

allowsPostDatedTickets

public boolean allowsPostDatedTickets()
                               throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain postdated tickets.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

allowsForwardableTickets

public boolean allowsForwardableTickets()
                                 throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain forwardable tickets.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

allowsRenewableTickets

public boolean allowsRenewableTickets()
                               throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain renewable tickets.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

allowsProxiableTickets

public boolean allowsProxiableTickets()
                               throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain proxiable tickets.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

allowsServiceTickets

public boolean allowsServiceTickets()
                             throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain service tickets.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

allowsDuplicateSessionKey

public boolean allowsDuplicateSessionKey()
                                  throws AFSAdminException
K5 Attribute: Tests if this principal is allowed to obtain a session key for another user. True implies that user-to-user authentication is enabled for this principal.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

requiresPreAuth

public boolean requiresPreAuth()
                        throws AFSAdminException
K5 Attribute: Tests if this principal is required to preauthenticate before being allowed to kinit.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

requiresHardwareAuth

public boolean requiresHardwareAuth()
                             throws AFSAdminException
K5 Attribute: Tests if this principal is required to preauthenticate using a hardware device before being allowed to kinit.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

requiresPasswordChange

public boolean requiresPasswordChange()
                               throws AFSAdminException
K5 Attribute: Flag in attributes field to force a password change.
Returns:
the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setGrantTickets

public void setGrantTickets(boolean setting)
K5: Sets whether or not TGS will issue tickets for this K5User
Parameters:
setting - whether or not TGS will issue tickets for this user

setFailLoginCount

public void setFailLoginCount(int logins)
K5: Sets the number of failed login attempts this user is allowed before being locked out. A value of 0 indicates there is no limit.
Parameters:
logins - the number of failed login attempts a user is allowed

setChangePassword

public void setChangePassword(boolean setting)
K5: Sets whether or not the user can change their password
Parameters:
setting - whether or not the user can change their password

setUserExpiration

public void setUserExpiration(GregorianCalendar expirationDate)
K5: Sets the date and time the user expires. A null value indicates the user never expires.
Parameters:
expirationDate - the date and time the user expires

setPasswordExpiration

public void setPasswordExpiration(GregorianCalendar expirationDate)
K5: Sets the date and time the password expires. A null value indicates the password never expires.
Parameters:
expirationDate - the date and time the password expires

setMaxTicketLifetime

public void setMaxTicketLifetime(int seconds)
K5: Sets the maximum lifetime of a ticket issued to this user (in seconds).
Parameters:
seconds - the maximum lifetime of a ticket issued to this user (in seconds).

setPasswordPolicy

public void setPasswordPolicy(K5PasswordPolicy policy)
K5: Sets the password policy for this user.
Parameters:
policy - the K5 password policy

setPassword

public void setPassword(String newPassword)
                 throws AFSAdminException
Sets the password of this user to something new. Sets the key version to 0 automatically.
Parameters:
newPassword - the new password for this user
Throws:
AFSAdminException - If an error occurs in the native code

setSaltType

public void setSaltType(int type)
                 throws AFSAdminException
K5: Sets the specified salt for generating the key.
Parameters:
type - the salt type used for generating the key
Throws:
AFSAdminException - If an error occurs in the native code

setPostDatedTickets

public void setPostDatedTickets(boolean flag)
                         throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining postdated tickets. Effectively sets the KRB5_KDB_DISALLOW_POSTDATED flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setForwardableTickets

public void setForwardableTickets(boolean flag)
                           throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining forwardable tickets. Effectively sets the KRB5_KDB_DISALLOW_FORWARDABLE flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setRenewableTickets

public void setRenewableTickets(boolean flag)
                         throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining renewable tickets. Effectively sets the KRB5_KDB_DISALLOW_RENEWABLE flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setProxiableTickets

public void setProxiableTickets(boolean flag)
                         throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining proxiable tickets. Effectively sets the KRB5_KDB_DISALLOW_PROXIABLE flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setServiceTickets

public void setServiceTickets(boolean flag)
                       throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining service tickets. Effectively sets the KRB5_KDB_DISALLOW_SVR flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setDuplicateSessionKey

public void setDuplicateSessionKey(boolean flag)
                            throws AFSAdminException
K5: Sets attribute to allow/deny this principal from obtaining a session key for another user. Effectively sets the KRB5_KDB_DISALLOW_DUP_SKEY flag on the principal in the database if flag is false.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setPreAuth

public void setPreAuth(boolean flag)
                throws AFSAdminException
K5: Sets attribute to require this principal to preauthenticate before being allowed to kinit, if flag is true. Effectively sets the KRB5_KDB_REQUIRES_PRE_AUTH flag on the principal in the database if flag is true.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setHardwareAuth

public void setHardwareAuth(boolean flag)
                     throws AFSAdminException
K5: Sets attribute to require this principal to preauthenticate using a hardware device before being allowed to kinit, if flag is true. Effectively sets the KRB5_KDB_REQUIRES_HW_AUTH flag on the principal in the database if flag is true.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

setPasswordChange

public void setPasswordChange(boolean flag)
                       throws AFSAdminException
K5: Sets attribute to force a password change for this principal, if flag is true. Effectively sets the KRB5_KDB_REQUIRES_PWCHANGE flag on the principal in the database if flag is true.
Parameters:
flag - the attribute flag
Throws:
AFSAdminException - If an error occurs in the native code

compareTo

public int compareTo(K5User user)
Compares two K5User objects respective to their names and does not factor any other attribute. Alphabetic case is significant in comparing names.
Parameters:
user - The K5User object to be compared to this K5User instance
Returns:
Zero if the argument is equal to this User's name, a value less than zero if this User's name is lexicographically less than the argument, or a value greater than zero if this User's name is lexicographically greater than the argument

compareTo

public int compareTo(Object obj)
Comparable interface method.
See Also:
compareTo(K5User)

equals

public boolean equals(K5User otherUser)
Tests whether two K5User objects are equal, based on their names.
Parameters:
otherUser - the user to test
Returns:
whether the specified user is the same as this user

toString

public String toString()
Returns the name of this User
Overrides:
toString in class Object
Returns:
the name of this User
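
Added example (not part of the jafsadm documentation or the OpenAFS code base): a read-only audit that uses the getters and attribute tests documented above to list weak Kerberos 5 settings on one principal. The class name K5UserAudit, the policy constant and the package of AFSAdminException are assumptions; the method signatures are taken from this draft page as written.

```java
import java.util.ArrayList;
import java.util.List;

import org.openafs.jafsadm.AFSAdminException; // assumed package, not stated on this page
import org.openafs.jafsadm.K5User;

/** Hypothetical helper, not part of jafsadm: lists weak K5 settings on one principal. */
public final class K5UserAudit {

    /** Assumed site policy: longest acceptable ticket lifetime, in seconds (10 hours). */
    static final int MAX_TICKET_LIFETIME_SECONDS = 10 * 60 * 60;

    private K5UserAudit() {
    }

    /** Read-only: calls only the getters and attribute tests documented above. */
    public static List<String> audit(K5User user) throws AFSAdminException {
        List<String> findings = new ArrayList<>();
        String name = user.getName();

        if (!user.willGrantTickets()) {
            // The TGS issues nothing for this principal, so the ticket
            // attributes below cannot take effect; report that and stop.
            findings.add(name + ": TGS will not issue tickets");
            return findings;
        }
        // KRB5_KDB_REQUIRES_PRE_AUTH clear: the KDC replies to an initial
        // request before the client has proven knowledge of its key.
        if (!user.requiresPreAuth()) {
            findings.add(name + ": preauthentication not required");
        }
        // 0 is documented as "no limit", i.e. no lockout on failed logins.
        if (user.getFailLoginCount() == 0) {
            findings.add(name + ": no failed-login lockout limit");
        }
        // null is documented as "never expires" (or no K5 entry exists).
        if (user.getPasswordExpirationDate() == null) {
            findings.add(name + ": password never expires or no K5 entry");
        }
        int lifetime = user.getMaxTicketLifetime();
        if (lifetime > MAX_TICKET_LIFETIME_SECONDS) {
            findings.add(name + ": max ticket lifetime " + lifetime + "s exceeds policy");
        }
        // Per the setter descriptions, flag=false sets the DISALLOW bit, so
        // true from allows*() is taken to mean the capability is available.
        if (user.allowsForwardableTickets()) {
            findings.add(name + ": forwardable tickets allowed; confirm delegation is needed");
        }
        if (user.allowsProxiableTickets()) {
            findings.add(name + ": proxiable tickets allowed; confirm delegation is needed");
        }
        if (user.allowsDuplicateSessionKey()) {
            findings.add(name + ": user-to-user authentication enabled");
        }
        return findings;
    }
}
```

Compiling this requires the jafsadm classes on the classpath; each finding maps to one setter above (for example setPreAuth(true) or setFailLoginCount with a non-zero value).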

Java AFS Admin (jafsadm) API for OpenAFS

Copyright (c) 2001-2002 International Business Machines Corp.
All rights reserved.
See copyright statement.