The k5login file
k5login man page k5login URL
The k5login file contains a principal string on each line. When an auth/access request is received and contains a principal which cannot be derived from the local username, this file is checked to determine if the principal will be granted access.
OpenShift wants to allow multiple OpenShift users to submit a principal to a gear. The principal is only removed when all owner IDs have been removed from the principal.
This class models that multiple ownership by inserting comment lines before the principal line. These comment lines have the form /^# id: <id string>$/. As the file is read, these lines are accumulated; when a non-comment line is encountered, the collected ID strings are attached to the principal string.
Each time a new principal/id pair is added, if the principal is present, the id is added to the ownership set.
When a principal/id pair is removed, the id is removed first, and the principal is removed only if the number of remaining ids is 0.
Example
    # id: longidstring1
    # id: longidstring2
    testuser1@EXAMPLE.COM
    # id: idstring1
    testuser2@EXAMPLE.COM
...
Since "comment" lines form invalid principal strings, no real user will ever try to authenticate with them, and if they do, access will be denied. Well-formatted lines will match as normal.
The list of principals and their sets of associated IDs are represented as a hash of Sets. Each hash key is a Kerberos principal string. The hash value is a Set of strings corresponding to the associated ID strings.
The K5login.clone and K5login.compare functions provide a deep copy and deep comparison so that the k5login file is only written if changes are made.
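The read, add, remove and write cycle described above, as an added Ruby sketch that is not the OpenShift K5login class. The module name K5loginSketch, its method names and the rejection of line breaks in IDs and principals are assumptions made for illustration.

```ruby
require 'set'

# Hypothetical sketch, not the OpenShift K5login class itself.
module K5loginSketch
  ID_LINE = /\A# id: (.+)\z/

  # Read file text into { principal => Set of owner ids }.
  def self.parse(text)
    principals = {}
    pending = Set.new
    text.each_line do |raw|
      line = raw.chomp
      if (m = ID_LINE.match(line))
        pending << m[1] # accumulate ids until a principal line appears
      elsif !line.strip.empty? && !line.start_with?('#')
        (principals[line.strip] ||= Set.new).merge(pending)
        pending = Set.new
      end
    end
    principals
  end

  # Add an owner id; reject values that could forge an extra line (assumed check).
  def self.add(principals, principal, id)
    raise ArgumentError, 'line break in field' if "#{principal}#{id}" =~ /[\r\n]/
    raise ArgumentError, 'principal starts with #' if principal.start_with?('#')
    (principals[principal] ||= Set.new) << id
    principals
  end

  # Drop the id first; drop the principal only when no ids remain.
  def self.remove(principals, principal, id)
    ids = principals[principal]
    return principals unless ids
    ids.delete(id)
    principals.delete(principal) if ids.empty?
    principals
  end

  # Write each principal preceded by one "# id:" line per owner.
  def self.serialize(principals)
    principals.map do |principal, ids|
      ids.map { |id| "# id: #{id}\n" }.join + "#{principal}\n"
    end.join
  end
end

# Constructed sample in the layout shown in the Example above.
SAMPLE = "# id: longidstring1\n# id: longidstring2\ntestuser1@EXAMPLE.COM\n" \
         "# id: idstring1\ntestuser2@EXAMPLE.COM\n"
```

The line-break check matters because an ID is written verbatim into a file that grants login access: an ID containing a newline followed by a principal would otherwise become its own authorization line.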