Wallet::Object::Password

(Password object implementation for wallet)

SYNOPSIS

    my @name = qw(file mysql-lsdb)
    my @trace = ($user, $host, time);
    my $object = Wallet::Object::Password->create (@name, $schema, @trace);
    unless ($object->store ("the-password\n")) {
        die $object->error, "\n";
    }
    my $password = $object->get (@trace);
    $object->destroy (@trace);

DESCRIPTION

Wallet::Object::Password is an extension of Wallet::Object::File, acting as a representation of simple file objects in the wallet. The difference between the two is that if there is no data stored in a password object when a user tries to get it for the first time, then a random string suited for a password will be generated and put into the object data.

It implements the wallet object API and provides the necessary glue to store a file on the wallet server, retrieve it later, and delete it when the password object is deleted.

To use this object, the configuration option specifying where on the wallet server to store password objects must be set. See Wallet::Config for details on this configuration parameter and information about how to set wallet configuration.

METHODS

This object mostly inherits from Wallet::Object::File. See the documentation for that class for all generic methods. Below are only those methods that are overridden or behave specially for this implementation.

get(PRINCIPAL, HOSTNAME [, DATETIME])

Retrieves the current contents of the file object or undef on error. store() must be called before get() will be successful. The caller should call error() to get the error message if get() returns undef. PRINCIPAL, HOSTNAME, and DATETIME are stored as history information. PRINCIPAL should be the user who is downloading the keytab. If DATETIME isn't given, the current time is used.

FILES

PWD_FILE_BUCKET/<hash>/<file>

Password files are stored on the wallet server under the directory PWD_FILE_BUCKET as set in the wallet configuration. <hash> is the first two characters of the hex-encoded MD5 hash of the wallet password object name, used to not put too many files in the same directory. <file> is the name of the password object with all characters other than alphanumerics, underscores, and dashes replaced by % and the hex code of the character.

LIMITATIONS

The wallet implementation itself can handle arbitrary password object names. However, due to limitations in the remctld server usually used to run wallet-backend, password object names containing nul characters (ASCII 0) may not be permitted. The file system used for storing file objects may impose a length limitation on the password object name.

SEE ALSO

remctld(8), Wallet::Config(3), Wallet::Object::File(3), wallet-backend(8)

This module is part of the wallet system. The current version is available from <https://www.eyrie.org/~eagle/software/wallet/>.

AUTHOR

Jon Robertson <jonrober@stanford.edu>

Last spun 2024-05-01 from POD modified 2024-04-30