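/// <summary>
/// Creates the Kerberos manager for the configured realm, KDC and principal, then
/// downloads the keytab object from S3 and initializes the manager with it.
/// </summary>
/// <exception cref="Exception">
/// <c>KerberosKeytabS3Path</c> is unset or is not in <c>&lt;bucket&gt;/&lt;key&gt;</c> form.
/// </exception>
private async Task InitKerberos()
{
    _km = new KerberosManager(new KerberosOptions
    {
        Realm = KerberosRealm,
        RealmKdc = KerberosRealmKdc,
        Principal = KerberosPrincipal,
    });

    // S3 Path value is expected in <bucket>/<key> format. An unset path is treated
    // like an empty one, so a missing setting fails with the explicit error below
    // rather than a NullReferenceException.
    var s3BucketKeyPath = (KerberosKeytabS3Path ?? string.Empty)
        .Split("/", 2, StringSplitOptions.RemoveEmptyEntries);
    if (s3BucketKeyPath.Length != 2)
    {
        throw new Exception("invalid Keytab S3 path");
    }

    var getObjectRequ = new GetObjectRequest
    {
        BucketName = s3BucketKeyPath[0],
        Key = s3BucketKeyPath[1],
    };

    // NOTE(review): a keytab holds the principal's long-term keys, so the object
    // named here is a credential. Confirm that only this service's role can read
    // it and that the bucket is encrypted at rest.
    Console.WriteLine($"Retrieving Kerberos keytab from bucket [{getObjectRequ.BucketName}] key path [{getObjectRequ.Key}]");

    // Dispose both the response and its stream once the manager has read the keytab.
    using (var getResp = await _s3.GetObjectAsync(getObjectRequ))
    using (getResp.ResponseStream)
    {
        _km.Init(getResp.ResponseStream);
    }
}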
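/// <summary>
/// Fetches the Kerberos keytab from AWS Secrets Manager and initializes a Kerberos
/// manager against the first entry of <c>KerberosRealmKdcs</c> for which
/// initialization succeeds.
/// </summary>
/// <exception cref="Exception">
/// The secret has no binary value, or initialization failed for every supplied KDC
/// (the last failure is attached as the inner exception).
/// </exception>
private async Task InitKerberos()
{
    Console.WriteLine($"Retrieving Kerberos keytab from AWS Secrets Manager [{this.KerberosKeytabSecretId}]");
    var secretRequest = new GetSecretValueRequest { SecretId = this.KerberosKeytabSecretId };
    var secret = await _secretsManager.GetSecretValueAsync(secretRequest);

    // A secret stored as a string carries no binary payload. Report that once
    // instead of logging the same failure for every KDC.
    if (secret.SecretBinary == null)
    {
        throw new Exception("Kerberos keytab secret has no binary value.");
    }

    using (secret.SecretBinary)
    {
        Exception lastError = null;

        foreach (var kdc in this.KerberosRealmKdcs)
        {
            var candidate = new KerberosManager(new KerberosOptions
            {
                Realm = KerberosRealm,
                RealmKdc = kdc,
                Principal = KerberosPrincipal,
            });

            try
            {
                // The same stream is handed to every attempt. A failed Init may
                // have advanced its position, so rewind to give each KDC the
                // keytab from its first byte.
                secret.SecretBinary.Position = 0;
                candidate.Init(secret.SecretBinary);

                // Publish the manager only after it initialized, so _km never
                // refers to an instance whose Init threw.
                _km = candidate;
                return;
            }
            catch (Exception ex)
            {
                lastError = ex;
                Console.WriteLine($"Exception initializing Kerberos against KDC '{kdc}': {ex}");
            }
        }

        throw new Exception("Unable to initialize Kerberos against any of the supplied KDCs.", lastError);
    }
}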