This repository contains both a work-in-progress safe, idiomatic Rust bindings for libkadm5, the library to administrate a Kerberos realm that supports the Kerberos administration interface (mainly Heimdal and MIT Kerberos 5), and the underlying "unsafe" bindings generated by bindgen in kadmin-sys.
It also contains a Python API to those bindings.
These libraries will only compile against MIT krb5. However, they will allow you to communicate with an MIT krb5 KDC as well as a Heimdal KDC. In fact, these libraries are tested against both!
These are the raw bindings to libkadm5. This crate offers two features, client
and server
. You must choose one of them depending on how your application is going to interact with the KDC. By default, client
is enabled.
client
: links againstkadm5clnt
. Use this is you plan to remotely access the KDC, using kadmind's GSS-API RPC interface, like the CLI toolkadmin
does.server
: links againstkadm5srv
. Use this is you plan to directly edit the KDB from the machine where the KDC is running, like the CLI toolkadmin.local
does.
This is a safe, idiomatic Rust interface to libkadm5. This crate offers two features, client
and local
. They are similar to how kadmin-sys behaves. You should only enable one of them.
With the client
feature:
use kadmin::{KAdmin, KAdminImpl};
let princ = "user/[email protected]";
let password = "vErYsEcUrE";
let kadmin = KAdmin::builder().with_password(&princ, &password).unwrap();
dbg!("{}", kadmin.list_principals("*").unwrap());
With the local
feature:
use kadmin::{KAdmin, KAdminImpl};
let kadmin = KAdmin::builder().with_local().unwrap();
dbg!("{}", kadmin.list_principals("*").unwrap());
As far as I can tell, libkadm5 APIs are not thread safe. As such, the types provided by this crate are neither Send
nor Sync
. You must not use those with threads. You can either create a KAdmin
instance per thread, or use the kadmin::sync::KAdmin
interface that spawns a thread and sends the various commands to it. The API is not exactly the same as the non-thread-safe one, but should be close enough that switching between one or the other is easy enough. Read more about this in the documentation of the crate.
These are Python bindings to the above Rust library, using the kadmin::sync
interface to ensure thread safety. It provides two Python modules: kadmin
for remote operations, and kadmin_local
for local operations.
With kadmin
:
import kadmin
princ = "user/[email protected]"
password = "vErYsEcUrE"
kadm = kadmin.KAdmin.with_password(princ, password)
print(kadm.list_principals("*"))
With kadmin_local
:
import kadmin
kadm = kadmin.KAdmin.with_local()
print(kadm.list_principals("*"))
Licensed under the MIT License.
Just open a PR.
### Releasing
- Go to Actions > Create release PR
- Click "Run workflow" and select what you need to release and input the new version.
- Wait for the PR to be opened and the CI to pass
- Merge the PR.
- Go to Releases
- Edit the created release.
- Click "Generate release notes"
- Publish