Hi - I am interested in contributing an authentication module to the Groovy LDAP subproject. I know ApacheDS does not export keytabs, but this may be useful anyway. This is the code:

import javax.security.auth.login.Configuration
import javax.security.auth.login.AppConfigurationEntry

/**
 * Created by IntelliJ IDEA.
 * User: brett
 * Date: Feb 2, 2009
 * Time: 6:03:56 AM
 * To change this template use File | Settings | File Templates.
 */

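/**
 * Programmatic JAAS {@link Configuration} holding a single Krb5LoginModule entry that
 * logs a principal in from a keytab, so no external JAAS config file is needed.
 */
public class GssapiConfiguration extends Configuration {

  /** Fully qualified class name of the JAAS login module that performs the Kerberos login. */
  public static final KERBEROS = "com.sun.security.auth.module.Krb5LoginModule"

  /** The one login-module entry returned by getAppConfigurationEntry() for every name. */
  def appConfigurationEntry

  /**
   * Builds the configuration and validates its inputs.
   *
   * @param principal Kerberos principal to authenticate as; must be non-empty
   * @param keytab    path of the keytab file; must name an existing regular file
   * @param debug     value of the Krb5LoginModule "debug" option, default "true".
   *                  NOTE(review): with "true" the module prints credential details
   *                  (ticket contents, key types) to stdout; pass "false" outside
   *                  troubleshooting so that output does not end up in shared logs.
   * @throws IllegalArgumentException if principal is empty or keytab is null/missing
   */
  GssapiConfiguration(String principal, String keytab, String debug = "true") {
    if (!principal) {
      throw new IllegalArgumentException("principal is required")
    }
    // A null path previously surfaced as a NullPointerException from new File((String) null);
    // reject it here with a clear message. isFile() also rejects directories, which can
    // never be read as a keytab.
    if (!keytab || !new File(keytab).isFile()) {
      throw new IllegalArgumentException("keytab must exist: ${keytab}")
    }
    // Option names are those understood by Krb5LoginModule ("keyTab"/"useKeyTab" are camel-cased).
    def options = [
      principal : principal,
      keyTab    : keytab,
      debug     : debug,
      useKeyTab : "true",
    ]

    appConfigurationEntry = new AppConfigurationEntry(KERBEROS, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)
  }

  /**
   * Returns the Kerberos entry regardless of the application name asked for.
   *
   * @param name JAAS application name; ignored, every name maps to the same entry
   * @return a fresh one-element array holding the Krb5LoginModule entry
   */
  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    [appConfigurationEntry] as AppConfigurationEntry[]
  }

}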

########################################################

/**
 * Created by IntelliJ IDEA.
 * User: brett
 * Date: Jan 28, 2009
 * Time: 6:18:58 AM
 * To change this template use File | Settings | File Templates.
 */

import javax.naming.directory.DirContext
import javax.naming.NamingException

import javax.security.auth.Subject
import javax.naming.directory.InitialDirContext
import java.security.PrivilegedAction
import javax.security.auth.login.LoginContext
import javax.security.auth.login.Configuration

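/**
 * Obtains a JNDI {@link DirContext} after a Kerberos keytab login, running the context
 * creation inside {@link Subject#doAs} so the GSSAPI SASL bind can use the subject's
 * credentials.
 * <p>
 * Not thread-safe: the environment passed to getDirContextInstance() is stored in an
 * instance field for run() to read, so concurrent calls on one instance would race.
 */
public class LdapAction implements PrivilegedAction<InitialDirContext> {

  /** JAAS configuration that performs the keytab login before the directory is contacted. */
  Configuration configuration

  /** JNDI environment captured by getDirContextInstance(); previously undeclared, which made
   *  the assignment in getDirContextInstance() fail with a missing-property error. */
  Hashtable environment

  /**
   * Creates the action with a keytab-based Kerberos configuration.
   *
   * @param url       accepted but not used by this class; presumably the LDAP provider URL
   *                  is expected in the environment handed to getDirContextInstance() -- TODO confirm
   * @param krb5      accepted but not used by this class; NOTE(review): looks like the
   *                  krb5.conf location, confirm whether the caller sets it elsewhere
   * @param principal Kerberos principal to log in as
   * @param keytab    path of the keytab file (validated by GssapiConfiguration)
   */
  LdapAction(String url, String krb5, String principal, String keytab) {
    configuration = new GssapiConfiguration(principal, keytab)
  }

  /**
   * Logs the principal in and creates the directory context under that identity.
   *
   * @param env JNDI environment for InitialDirContext (provider URL, SASL settings, ...)
   * @return the context created by run()
   * @throws NamingException if the context cannot be created
   */
  DirContext getDirContextInstance(Hashtable env) throws NamingException {
    // The application name is irrelevant: GssapiConfiguration returns the same entry for any name.
    def loginContext = new LoginContext("unused", null, null, configuration)
    loginContext.login()

    // Subject.doAs() calls run() with no arguments, so the environment is passed via the field.
    environment = env

    // NOTE(review): the LoginContext is never logged out, so the subject keeps its
    // Kerberos credentials for as long as it is reachable -- confirm this is intended.
    Subject.doAs(loginContext.subject, this)
  }

  /** Invoked by Subject.doAs(); builds the context from the environment captured above. */
  InitialDirContext run() {
    new InitialDirContext(environment)
  }

}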

Brett Heroux - President

The Devicesoft Organization, L.L.C. 

http://devicesoft.org