realmd | ||||
---|---|---|---|---|
Top | Description | Properties |
Join (IN (ssv) credentials, IN a{sv} options);Leave (IN (ssv) credentials, IN a{sv} options);
SuggestedAdministrator readable sSupportedJoinCredentials readable a(ss)SupportedLeaveCredentials readable a(ss)
An interface used to configure this machine by joining a realm.
It sets up a computer/host account in the realm for this machine and a keytab to track the credentials for that account.
The various properties are guaranteed to have been updated before the operation methods return, if they change state.
Join (IN (ssv) credentials, IN a{sv} options);
Join this machine to the realm and enroll the machine.
If this method returns successfully, then the machine will be joined to the realm. It is not necessary to restart services or the machine afterward. Relevant properties on the realm will be updated before the method returns.
The credentials
should be set according to one of the
supported credentials returned by
options
can contain, but is not limited to, the following values:
automatic-id-mapping
: a boolean
value whether to turn on automatic UID/GID mapping. If not
specified the default will come from realmd.conf
configuration.
operation
: a string
identifier chosen by the client, which can then later be
passed to
computer-ou
: a string
containing an LDAP DN for an organizational unit where the
computer account should be created
user-principal
: a string
containing an kerberos user principal name to be set on the
computer account
membership-software
: a string
containing the membership software identifier that the returned
realms should match.
manage-system
: a boolean
which controls whether this machine should be managed by
the realm or domain or not. Defaults to true.
This method requires authorization for the PolicyKit action
called org.freedesktop.realmd.configure-realm
.
In addition to common DBus error results, this method may return:
org.freedesktop.realmd.Error.Failed
:
may be returned if the join failed for a generic reason.
org.freedesktop.realmd.Error.Cancelled
:
returned if the operation was cancelled.
org.freedesktop.realmd.Error.NotAuthorized
:
returned if the calling client is not permitted to perform a join
operation.
org.freedesktop.realmd.Error.AuthenticationFailed
:
returned if the credentials passed did not authenticate against the realm
correctly. It is appropriate to prompt the user again.
org.freedesktop.realmd.Error.AlreadyEnrolled
:
returned if already enrolled in this realm, or if already enrolled in another realm
(if enrolling in multiple realms is not supported).
org.freedesktop.realmd.Error.BadHostname
:
returned if the machine has a hostname that is not usable for a join
or is in conflict with those in the domain.
org.freedesktop.realmd.Error.Busy
:
returned if the service is currently performing another operation like
join or leave.
|
|
|
Leave (IN (ssv) credentials, IN a{sv} options);
Leave the realm and unenroll the machine.
If this method returns successfully, then the machine will have left the domain and been unenrolled. It is not necessary to restart services or the machine afterward. Relevant properties on the realm will be updated before the method returns.
The credentials
should be set according to one of the
supported credentials returned by
options
can contain, but is not limited to, the following values:
operation
: a string
identifier chosen by the client, which can then later be
passed to
This method requires authorization for the PolicyKit action
called org.freedesktop.realmd.deconfigure-realm
.
In addition to common DBus error results, this method may return:
org.freedesktop.realmd.Error.Failed
:
may be returned if the unenroll failed for a generic reason.
org.freedesktop.realmd.Error.Cancelled
:
returned if the operation was cancelled.
org.freedesktop.realmd.Error.NotAuthorized
:
returned if the calling client is not permitted to perform an unenroll
operation.
org.freedesktop.realmd.Error.AuthenticationFailed
:
returned if the credentials passed did not authenticate against the realm
correctly. It is appropriate to prompt the user again.
org.freedesktop.realmd.Error.NotEnrolled
:
returned if not enrolled in this realm.
org.freedesktop.realmd.Error.Busy
:
returned if the service is currently performing another operation like
join or leave.
|
|
|
SuggestedAdministrator readable s
common administrator name
The common administrator name for this type of realm. This can be used by clients as a hint when prompting the user for administrative authentication.
SupportedJoinCredentials readable a(ss)
credentials supported for joining
Various kinds of credentials that are supported when calling the
Each credential is represented by a type and an owner. The type denotes which kind of credential is passed to the method. The owner indicates to the client how to prompt the user or obtain the credential, and to the service how to use the credential.
The various types are:
ccache
:
the credentials should contain an array of bytes as a
ay
containing the data from a kerberos
credential cache file.
password
:
the credentials should contain a pair of strings as a
(ss)
representing a name and
password. The name may contain a realm in the standard
kerberos format. If a realm is missing, it will default
to this realm.
secret
:
the credentials should contain a string secret as an
ay
array of bytes. This is usually used
for one time passwords. To pass a string here, encode it
in UTF-8, and place the resulting bytes in the
value.
automatic
:
the credentials should contain an empty string as a
s
. Using automatic
indicates that default or system credentials are to be
used.
The various owners are:
administrator
:
the credentials belong to a kerberos administrator principal.
The caller may use this as a hint to prompt the user
for administrative credentials.
user
:
the credentials belong to a kerberos user principal.
The caller may use this as a hint to prompt the user
for his (possibly non-administrative)
credentials.
computer
:
the credentials belong to a computer account.
none
:
the credentials have an unspecified owner, such as a one
time password.
SupportedLeaveCredentials readable a(ss)
credentials supported for leaving
Various kinds of credentials that are supported when calling the
See