Exemple #1
        /// <summary>
        /// Creates the Kerberos manager for the configured realm, KDC and principal,
        /// then downloads the keytab from S3 and hands its stream to the manager.
        /// </summary>
        /// <remarks>
        /// <c>KerberosKeytabS3Path</c> must be in <c>&lt;bucket&gt;/&lt;key&gt;</c> form; only the first
        /// "/" separates bucket from key, so the key itself may contain slashes.
        /// NOTE(review): a keytab is long-term key material for the principal. Bucket
        /// policy and encryption settings are not visible from this method; confirm that
        /// read access to the object is limited to this service's role.
        /// </remarks>
        /// <exception cref="Exception">The S3 path does not split into a bucket and a key.</exception>
        private async Task InitKerberos()
        {
            var kerberosOptions = new KerberosOptions
            {
                Realm     = KerberosRealm,
                RealmKdc  = KerberosRealmKdc,
                Principal = KerberosPrincipal,
            };
            _km = new KerberosManager(kerberosOptions);

            // Split on the first "/" only: element 0 is the bucket, element 1 the object key.
            string[] pathParts = KerberosKeytabS3Path.Split("/", 2, StringSplitOptions.RemoveEmptyEntries);
            bool pathIsWellFormed = pathParts.Length == 2;
            if (!pathIsWellFormed)
            {
                throw new Exception("invalid Keytab S3 path");
            }

            var bucketName = pathParts[0];
            var objectKey = pathParts[1];
            var keytabRequest = new GetObjectRequest
            {
                BucketName = bucketName,
                Key        = objectKey,
            };

            // Only the object's location is logged; the keytab content is never written out.
            Console.WriteLine($"Retrieving Kerberos keytab from bucket [{bucketName}] key path [{objectKey}]");

            // Both the response and its stream are disposed once the manager has consumed the keytab.
            using (var keytabResponse = await _s3.GetObjectAsync(keytabRequest))
            {
                using (keytabResponse.ResponseStream)
                {
                    _km.Init(keytabResponse.ResponseStream);
                }
            }
        }
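        /// <summary>
        /// Fetches the Kerberos keytab from AWS Secrets Manager and initializes
        /// <c>_km</c> against the first KDC in <c>KerberosRealmKdcs</c> for which
        /// initialization succeeds.
        /// </summary>
        /// <remarks>
        /// KDCs are tried in list order. A failure against one KDC is logged and the next
        /// one is tried. The keytab stream is rewound before every attempt so that a
        /// fallback KDC is not handed an already-consumed (empty) stream.
        /// NOTE(review): the per-KDC log line prints the full exception. Confirm that
        /// exceptions raised by <c>Init</c> never embed key material before forwarding
        /// these logs to a shared sink.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// The secret carries no binary value, or initialization failed against every KDC.
        /// </exception>
        private async Task InitKerberos()
        {
            Console.WriteLine($"Retrieving Kerberos keytab from AWS Secrets Manager [{this.KerberosKeytabSecretId}]");
            var secretRequest = new GetSecretValueRequest {
                SecretId = this.KerberosKeytabSecretId
            };
            var secret = await _secretsManager.GetSecretValueAsync(secretRequest);

            // A secret stored as text has no SecretBinary. Fail here with a precise message
            // instead of reporting a misleading "no KDC reachable" error further down.
            if (secret.SecretBinary == null)
            {
                throw new InvalidOperationException("Kerberos keytab secret has no binary value.");
            }

            using (secret.SecretBinary)
            {
                foreach (var kdc in this.KerberosRealmKdcs)
                {
                    _km = new KerberosManager(new KerberosOptions
                    {
                        Realm     = KerberosRealm,
                        RealmKdc  = kdc,
                        Principal = KerberosPrincipal,
                    });

                    try
                    {
                        // Init presumably reads the stream from its current position, so a failed
                        // attempt leaves it at (or near) the end. Rewind so each KDC gets the
                        // complete keytab.
                        secret.SecretBinary.Position = 0;
                        _km.Init(secret.SecretBinary);
                        return;
                    }
                    catch (Exception ex)
                    {
                        // Best-effort failover: record the failure and move on to the next KDC.
                        Console.WriteLine($"Exception initializing Kerberos against KDC '{kdc}': {ex}");
                    }
                }

                // Also reached when the KDC list is empty.
                throw new InvalidOperationException("Unable to initialize Kerberos against any of the supplied KDCs.");
            }
        }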