The marvel of the LoginContext and the PrivilegedAction!
The Calypso Admin application is progressing well. I’m now able to modify all of the LDAP data for users (except the picture; that can wait for later). This is all done via credentials provided at login and stored in a LoginContext. PrivilegedActions are then performed as the authenticated subject.
e.g.:

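// Subject that the LoginContext populated at login time
Subject currentSubject = CalypsoadminApp.userContext.getSubject();
PrivilegedAction currentGetUser = new getUser(currentuser.getUid());
// A null AccessControlContext means the action runs under a fresh, empty context bound to the Subject
NamingEnumeration neUser = (NamingEnumeration)Subject.doAsPrivileged(currentSubject, currentGetUser, null);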

What’s even more amazing is how well the people at JCraft have implemented LoginContexts in their native Java SSH client. This will let me create a new context as [user]/admin, and run ssh commands like kadmin as that Kerberos user with nothing more than:

session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");

when run as a PrivilegedAction!
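
The whole flow described above, from Kerberos login to a GSSAPI-authenticated SSH command, as an added example that is not code from the Calypso Admin application or from JCraft. It assumes Java 9+, JSch on the classpath, a working krb5.conf and an interactive terminal; the principal, user, host, command, class name and JAAS entry name are hypothetical placeholders.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.io.*;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
public class KerberosSshExample {
    static final String PRINCIPAL = "alice/admin", USER = "alice", HOST = "kdc.example.org", COMMAND = "klist"; // placeholders
    public static void main(String[] args) throws Exception {
        Configuration krb5 = new Configuration() { // in-code JAAS config, so no login.conf file is needed
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("useTicketCache", "false")) };
            }
        };
        CallbackHandler prompt = callbacks -> { // supplies the principal name and password to the login module
            Console console = System.console();
            if (console == null) throw new IOException("no interactive console to read the password from");
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(PRINCIPAL);
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword(console.readPassword("Password for %s: ", PRINCIPAL));
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext login = new LoginContext("calypso-ssh", null, prompt, krb5);
        login.login(); // the Kerberos ticket now sits in the Subject's private credentials
        PrivilegedExceptionAction<String> runCommand = () -> {
            JSch jsch = new JSch();
            jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts"); // verify the host key
            Session session = jsch.getSession(USER, HOST, 22);
            session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");
            session.setConfig("PreferredAuthentications", "gssapi-with-mic"); // no fallback to password auth
            session.connect();
            try {
                ChannelExec exec = (ChannelExec) session.openChannel("exec");
                exec.setCommand(COMMAND);
                InputStream out = exec.getInputStream(); // must be requested before connect()
                exec.connect();
                return new String(out.readAllBytes(), java.nio.charset.StandardCharsets.UTF_8);
            } finally { session.disconnect(); }
        };
        try { System.out.print(Subject.doAs(login.getSubject(), runCommand)); } // GSSAPI reads the Subject's ticket
        finally { login.logout(); } // drop the credentials from the Subject when done
    }
}
```

On JDK 18 and later, `Subject.doAs` is deprecated in favour of `Subject.callAs`.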

Summer work

You want DHCP with DDNS? Well, ya got it.
So far the fruits of the summer include:
calypso-client: registers a Linux client with the Calypso server
dhcp-installer: sets up a Calypso client server with DHCP with dynamic updating to PowerDNS with an LDAP backend.

Next up: Mail. Then I can move my network over to Calypso native 🙂