Apache Directory Groovy LDAP API - Draft - Kerberos client components

Kerberos client component

Short form

String hostname = "kdc.example.com";
int port = 88;

KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String userPassword = "s3crEt";

KerberosPrincipal servicePrincipal = new KerberosPrincipal( "ldap/ldap.example.com@EXAMPLE.COM" );

KdcConnection con = new KdcConnection( hostname + ":" + port );
KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal, userPassword );
KerberosTicket serviceTicket = con.getServiceTicket( tgt, servicePrincipal );
con.disconnect();

Long form

// ... setup variables, as above.

// Options are available on the KdcControls object.
KdcControls controls = new KdcControls();

// Set whether to request a forwardable ticket.
controls.setForwardable( true );

KdcConnection con = new KdcConnection( hostname + ":" + port );

// Use the TGT acquisition method that takes a controls object.
KerberosTicket tgt = con.getTicketGrantingTicket( clientPrincipal, userPassword, controls );
KerberosTicket serviceTicket = con.getServiceTicket( tgt, servicePrincipal );

con.disconnect();

Change Password client component

Short form

String hostname = "kdc.example.com";
int port = 464;

KerberosPrincipal targetPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String newPassword = "s3crEts3crEt";

KerberosTicket serviceTicket = <service ticket from Kerberos client component or JAAS>;

PasswordConnection con = new PasswordConnection( hostname + ":" + port );
con.changePassword( targetPrincipal, newPassword, serviceTicket );
con.disconnect();