Unable Auth::Kerberos in Manager (closes: #707)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -71,6 +71,7 @@ sub defaultValues {
         'issuerDBSAMLPath'          => '^/saml/',
         'issuerDBSAMLRule'          => 1,
         'jsRedirect'                => 0,
+        'krbAuthnLevel'             => 3,
         'ldapAuthnLevel'            => 2,
         'ldapBase'                  => 'dc=example,dc=com',
         'ldapExportedVars'          => {

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -38,6 +38,7 @@ our $authParameters = {
   dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
   demoParams => [qw(demoExportedVars)],
   facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
+  krbParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
   ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
   nullParams => [qw(nullAuthnLevel)],
   oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -304,6 +304,10 @@ sub attributes {
                         'k' => 'Google',
                         'v' => 'Google'
                     },
+                    {
+                        'k' => 'Kerberos',
+                        'v' => 'Kerberos'
+                    },
                     {
                         'k' => 'LDAP',
                         'v' => 'LDAP'
@@ -498,6 +502,10 @@ sub attributes {
                     'k' => 'Google',
                     'v' => 'Google'
                 },
+                {
+                    'k' => 'Kerberos',
+                    'v' => 'Kerberos'
+                },
                 {
                     'k' => 'LDAP',
                     'v' => 'LDAP'
@@ -711,6 +719,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
                     'k' => 'Google',
                     'v' => 'Google'
                 },
+                {
+                    'k' => 'Kerberos',
+                    'v' => 'Kerberos'
+                },
                 {
                     'k' => 'LDAP',
                     'v' => 'LDAP'
@@ -1175,6 +1187,17 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
         'key' => {
             'type' => 'password'
         },
+        'krbAuthnLevel' => {
+            'default' => 3,
+            'type'    => 'int'
+        },
+        'krbByJs' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
+        'krbKeytab' => {
+            'type' => 'text'
+        },
         'ldapAllowResetExpiredPassword' => {
             'default' => 0,
             'type'    => 'bool'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -1801,6 +1801,7 @@ sub attributes {
                 { k => 'DBI',         v => 'Database (DBI)' },
                 { k => 'Facebook',    v => 'Facebook' },
                 { k => 'Google',      v => 'Google' },
+                { k => 'Kerberos',    v => 'Kerberos' },
                 { k => 'LDAP',        v => 'LDAP' },
                 { k => 'PAM',         v => 'PAM' },
                 { k => 'Radius',      v => 'Radius' },
@@ -2233,6 +2234,22 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             documentation => 'Null authentication level',
         },
 
+        # Kerberos
+        krbKeytab => {
+            type          => 'text',
+            documentation => 'Kerberos keytab',
+        },
+        krbByJs => {
+            type          => 'bool',
+            default       => 0,
+            documentation => 'Launch Kerberos authentication by Ajax',
+        },
+        krbAuthnLevel => {
+            type          => 'int',
+            default       => 3,
+            documentation => 'Null authentication level',
+        },
+
         # Slave
         slaveAuthnLevel => {
             type          => 'int',
@@ -2277,6 +2294,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
                     { k => 'Demo',          v => 'Demo' },
                     { k => 'Facebook',      v => 'Facebook' },
                     { k => 'Google',        v => 'Google' },
+                    { k => 'Kerberos',      v => 'Kerberos' },
                     { k => 'LDAP',          v => 'LDAP' },
                     { k => 'PAM',           v => 'PAM' },
                     { k => 'Null',          v => 'None' },
@@ -2340,6 +2358,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
                 { k => 'DBI',      v => 'Database (DBI)' },
                 { k => 'Facebook', v => 'Facebook' },
                 { k => 'Google',   v => 'Google' },
+                { k => 'Kerberos', v => 'Kerberos' },
                 { k => 'LDAP',     v => 'LDAP' },
                 { k => 'PAM',      v => 'PAM' },
                 { k => 'Radius',   v => 'Radius' },
@@ -2504,9 +2523,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             documentation => 'OpenID Connect allow hybrid flow',
         },
         oidcStorage        => { type => 'PerlModule', },
-        oidcStorageOptions => {
-            type => 'keyTextContainer',
-        },
+        oidcStorageOptions => { type => 'keyTextContainer', },
 
         # OpenID Connect metadata nodes
         oidcOPMetaDataNodes => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -192,6 +192,11 @@ sub tree {
                                 'facebookAppId',      'facebookAppSecret'
                             ]
                         },
+                        {
+                            title => 'krbParams',
+                            help  => 'kerberos.html',
+                            nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel' ]
+                        },
                         {
                             title => 'ldapParams',
                             help  => 'authldap.html',

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -284,6 +284,10 @@
 "keys": "Keys",
 "keyname": "Key name",
 "keyPassword": "Key password",
+"krbAuthnLevel": "Kerberos authn level",
+"krbByJs": "Use Ajax request",
+"krbKeytab": "keytab file",
+"krbParams": "Kerberos parameters",
 "languages": "Languages",
 "latest": "Latest",
 "ldap": "LDAP",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -284,6 +284,10 @@
 "keys": "Clefs",
 "keyname": "Nom de clef",
 "keyPassword": "Mot de passe de la clef",
+"krbAuthnLevel": "Niveau d'authentification Kerberos",
+"krbByJs": "Utilise une requête Ajax",
+"krbKeytab": "Fichier keytab",
+"krbParams": "Kerberos parameters",
 "languages": "Langues",
 "latest": "Dernière",
 "ldap": "LDAP",