authentik 2025.2.0, Mar 24 25

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceKerberos

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

Create SourceKerberos Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SourceKerberos(name: string, args: SourceKerberosArgs, opts?: CustomResourceOptions);

@overload
def SourceKerberos(resource_name: str,
                   args: SourceKerberosArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def SourceKerberos(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   realm: Optional[str] = None,
                   slug: Optional[str] = None,
                   source_kerberos_id: Optional[str] = None,
                   spnego_server_name: Optional[str] = None,
                   krb5_conf: Optional[str] = None,
                   name: Optional[str] = None,
                   password_login_update_internal_password: Optional[bool] = None,
                   policy_engine_mode: Optional[str] = None,
                   enrollment_flow: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   authentication_flow: Optional[str] = None,
                   spnego_ccache: Optional[str] = None,
                   spnego_keytab: Optional[str] = None,
                   group_matching_mode: Optional[str] = None,
                   sync_ccache: Optional[str] = None,
                   sync_keytab: Optional[str] = None,
                   sync_password: Optional[str] = None,
                   sync_principal: Optional[str] = None,
                   sync_users: Optional[bool] = None,
                   sync_users_password: Optional[bool] = None,
                   user_matching_mode: Optional[str] = None,
                   user_path_template: Optional[str] = None,
                   uuid: Optional[str] = None)

func NewSourceKerberos(ctx *Context, name string, args SourceKerberosArgs, opts ...ResourceOption) (*SourceKerberos, error)

public SourceKerberos(string name, SourceKerberosArgs args, CustomResourceOptions? opts = null)

public SourceKerberos(String name, SourceKerberosArgs args)
public SourceKerberos(String name, SourceKerberosArgs args, CustomResourceOptions options)

type: authentik:SourceKerberos
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SourceKerberosArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SourceKerberosArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SourceKerberosArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SourceKerberosArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SourceKerberosArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sourceKerberosResource = new Authentik.SourceKerberos("sourceKerberosResource", new()
{
    Realm = "string",
    Slug = "string",
    SourceKerberosId = "string",
    SpnegoServerName = "string",
    Krb5Conf = "string",
    Name = "string",
    PasswordLoginUpdateInternalPassword = false,
    PolicyEngineMode = "string",
    EnrollmentFlow = "string",
    Enabled = false,
    AuthenticationFlow = "string",
    SpnegoCcache = "string",
    SpnegoKeytab = "string",
    GroupMatchingMode = "string",
    SyncCcache = "string",
    SyncKeytab = "string",
    SyncPassword = "string",
    SyncPrincipal = "string",
    SyncUsers = false,
    SyncUsersPassword = false,
    UserMatchingMode = "string",
    UserPathTemplate = "string",
    Uuid = "string",
});

example, err := authentik.NewSourceKerberos(ctx, "sourceKerberosResource", &authentik.SourceKerberosArgs{
	Realm:                               pulumi.String("string"),
	Slug:                                pulumi.String("string"),
	SourceKerberosId:                    pulumi.String("string"),
	SpnegoServerName:                    pulumi.String("string"),
	Krb5Conf:                            pulumi.String("string"),
	Name:                                pulumi.String("string"),
	PasswordLoginUpdateInternalPassword: pulumi.Bool(false),
	PolicyEngineMode:                    pulumi.String("string"),
	EnrollmentFlow:                      pulumi.String("string"),
	Enabled:                             pulumi.Bool(false),
	AuthenticationFlow:                  pulumi.String("string"),
	SpnegoCcache:                        pulumi.String("string"),
	SpnegoKeytab:                        pulumi.String("string"),
	GroupMatchingMode:                   pulumi.String("string"),
	SyncCcache:                          pulumi.String("string"),
	SyncKeytab:                          pulumi.String("string"),
	SyncPassword:                        pulumi.String("string"),
	SyncPrincipal:                       pulumi.String("string"),
	SyncUsers:                           pulumi.Bool(false),
	SyncUsersPassword:                   pulumi.Bool(false),
	UserMatchingMode:                    pulumi.String("string"),
	UserPathTemplate:                    pulumi.String("string"),
	Uuid:                                pulumi.String("string"),
})

var sourceKerberosResource = new SourceKerberos("sourceKerberosResource", SourceKerberosArgs.builder()
    .realm("string")
    .slug("string")
    .sourceKerberosId("string")
    .spnegoServerName("string")
    .krb5Conf("string")
    .name("string")
    .passwordLoginUpdateInternalPassword(false)
    .policyEngineMode("string")
    .enrollmentFlow("string")
    .enabled(false)
    .authenticationFlow("string")
    .spnegoCcache("string")
    .spnegoKeytab("string")
    .groupMatchingMode("string")
    .syncCcache("string")
    .syncKeytab("string")
    .syncPassword("string")
    .syncPrincipal("string")
    .syncUsers(false)
    .syncUsersPassword(false)
    .userMatchingMode("string")
    .userPathTemplate("string")
    .uuid("string")
    .build());

source_kerberos_resource = authentik.SourceKerberos("sourceKerberosResource",
    realm="string",
    slug="string",
    source_kerberos_id="string",
    spnego_server_name="string",
    krb5_conf="string",
    name="string",
    password_login_update_internal_password=False,
    policy_engine_mode="string",
    enrollment_flow="string",
    enabled=False,
    authentication_flow="string",
    spnego_ccache="string",
    spnego_keytab="string",
    group_matching_mode="string",
    sync_ccache="string",
    sync_keytab="string",
    sync_password="string",
    sync_principal="string",
    sync_users=False,
    sync_users_password=False,
    user_matching_mode="string",
    user_path_template="string",
    uuid="string")

const sourceKerberosResource = new authentik.SourceKerberos("sourceKerberosResource", {
    realm: "string",
    slug: "string",
    sourceKerberosId: "string",
    spnegoServerName: "string",
    krb5Conf: "string",
    name: "string",
    passwordLoginUpdateInternalPassword: false,
    policyEngineMode: "string",
    enrollmentFlow: "string",
    enabled: false,
    authenticationFlow: "string",
    spnegoCcache: "string",
    spnegoKeytab: "string",
    groupMatchingMode: "string",
    syncCcache: "string",
    syncKeytab: "string",
    syncPassword: "string",
    syncPrincipal: "string",
    syncUsers: false,
    syncUsersPassword: false,
    userMatchingMode: "string",
    userPathTemplate: "string",
    uuid: "string",
});

type: authentik:SourceKerberos
properties:
    authenticationFlow: string
    enabled: false
    enrollmentFlow: string
    groupMatchingMode: string
    krb5Conf: string
    name: string
    passwordLoginUpdateInternalPassword: false
    policyEngineMode: string
    realm: string
    slug: string
    sourceKerberosId: string
    spnegoCcache: string
    spnegoKeytab: string
    spnegoServerName: string
    syncCcache: string
    syncKeytab: string
    syncPassword: string
    syncPrincipal: string
    syncUsers: false
    syncUsersPassword: false
    userMatchingMode: string
    userPathTemplate: string
    uuid: string

SourceKerberos Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SourceKerberos resource accepts the following input properties:

Realm string: Kerberos realm
Slug string
AuthenticationFlow string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Krb5Conf string: Custom krb5.conf to use. Uses the system one by default
Name string
PasswordLoginUpdateInternalPassword bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
SourceKerberosId string
SpnegoCcache string: Credential cache to use for SPNEGO in form type:residual
SpnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
SpnegoServerName string: Force the use of a specific server name for SPNEGO
SyncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
SyncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
SyncPassword string: Password to authenticate to kadmin for sync
SyncPrincipal string: Principal to authenticate to kadmin for sync.
SyncUsers bool: Sync users from Kerberos into authentik Defaults to true.
SyncUsersPassword bool: When a user changes their password, sync it back to Kerberos Defaults to true.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

Realm string: Kerberos realm
Slug string
AuthenticationFlow string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Krb5Conf string: Custom krb5.conf to use. Uses the system one by default
Name string
PasswordLoginUpdateInternalPassword bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
SourceKerberosId string
SpnegoCcache string: Credential cache to use for SPNEGO in form type:residual
SpnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
SpnegoServerName string: Force the use of a specific server name for SPNEGO
SyncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
SyncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
SyncPassword string: Password to authenticate to kadmin for sync
SyncPrincipal string: Principal to authenticate to kadmin for sync.
SyncUsers bool: Sync users from Kerberos into authentik Defaults to true.
SyncUsersPassword bool: When a user changes their password, sync it back to Kerberos Defaults to true.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

realm String: Kerberos realm
slug String
authenticationFlow String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf String: Custom krb5.conf to use. Uses the system one by default
name String
passwordLoginUpdateInternalPassword Boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode String: Allowed values: - all - any Defaults to any.
sourceKerberosId String
spnegoCcache String: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab String: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName String: Force the use of a specific server name for SPNEGO
syncCcache String: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab String: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword String: Password to authenticate to kadmin for sync
syncPrincipal String: Principal to authenticate to kadmin for sync.
syncUsers Boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword Boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

realm string: Kerberos realm
slug string
authenticationFlow string
enabled boolean: Defaults to true.
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf string: Custom krb5.conf to use. Uses the system one by default
name string
passwordLoginUpdateInternalPassword boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode string: Allowed values: - all - any Defaults to any.
sourceKerberosId string
spnegoCcache string: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName string: Force the use of a specific server name for SPNEGO
syncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword string: Password to authenticate to kadmin for sync
syncPrincipal string: Principal to authenticate to kadmin for sync.
syncUsers boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.

realm str: Kerberos realm
slug str
authentication_flow str
enabled bool: Defaults to true.
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5_conf str: Custom krb5.conf to use. Uses the system one by default
name str
password_login_update_internal_password bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
source_kerberos_id str
spnego_ccache str: Credential cache to use for SPNEGO in form type:residual
spnego_keytab str: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnego_server_name str: Force the use of a specific server name for SPNEGO
sync_ccache str: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
sync_keytab str: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
sync_password str: Password to authenticate to kadmin for sync
sync_principal str: Principal to authenticate to kadmin for sync.
sync_users bool: Sync users from Kerberos into authentik Defaults to true.
sync_users_password bool: When a user changes their password, sync it back to Kerberos Defaults to true.
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.

realm String: Kerberos realm
slug String
authenticationFlow String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf String: Custom krb5.conf to use. Uses the system one by default
name String
passwordLoginUpdateInternalPassword Boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode String: Allowed values: - all - any Defaults to any.
sourceKerberosId String
spnegoCcache String: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab String: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName String: Force the use of a specific server name for SPNEGO
syncCcache String: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab String: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword String: Password to authenticate to kadmin for sync
syncPrincipal String: Principal to authenticate to kadmin for sync.
syncUsers Boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword Boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

Outputs

All input properties are implicitly available as output properties. Additionally, the SourceKerberos resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SourceKerberos Resource

Get an existing SourceKerberos resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SourceKerberosState, opts?: CustomResourceOptions): SourceKerberos

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication_flow: Optional[str] = None,
        enabled: Optional[bool] = None,
        enrollment_flow: Optional[str] = None,
        group_matching_mode: Optional[str] = None,
        krb5_conf: Optional[str] = None,
        name: Optional[str] = None,
        password_login_update_internal_password: Optional[bool] = None,
        policy_engine_mode: Optional[str] = None,
        realm: Optional[str] = None,
        slug: Optional[str] = None,
        source_kerberos_id: Optional[str] = None,
        spnego_ccache: Optional[str] = None,
        spnego_keytab: Optional[str] = None,
        spnego_server_name: Optional[str] = None,
        sync_ccache: Optional[str] = None,
        sync_keytab: Optional[str] = None,
        sync_password: Optional[str] = None,
        sync_principal: Optional[str] = None,
        sync_users: Optional[bool] = None,
        sync_users_password: Optional[bool] = None,
        user_matching_mode: Optional[str] = None,
        user_path_template: Optional[str] = None,
        uuid: Optional[str] = None) -> SourceKerberos

func GetSourceKerberos(ctx *Context, name string, id IDInput, state *SourceKerberosState, opts ...ResourceOption) (*SourceKerberos, error)

public static SourceKerberos Get(string name, Input<string> id, SourceKerberosState? state, CustomResourceOptions? opts = null)

public static SourceKerberos get(String name, Output<String> id, SourceKerberosState state, CustomResourceOptions options)

resources:  _:    type: authentik:SourceKerberos    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationFlow string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Krb5Conf string: Custom krb5.conf to use. Uses the system one by default
Name string
PasswordLoginUpdateInternalPassword bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
Realm string: Kerberos realm
Slug string
SourceKerberosId string
SpnegoCcache string: Credential cache to use for SPNEGO in form type:residual
SpnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
SpnegoServerName string: Force the use of a specific server name for SPNEGO
SyncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
SyncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
SyncPassword string: Password to authenticate to kadmin for sync
SyncPrincipal string: Principal to authenticate to kadmin for sync.
SyncUsers bool: Sync users from Kerberos into authentik Defaults to true.
SyncUsersPassword bool: When a user changes their password, sync it back to Kerberos Defaults to true.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

AuthenticationFlow string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Krb5Conf string: Custom krb5.conf to use. Uses the system one by default
Name string
PasswordLoginUpdateInternalPassword bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
Realm string: Kerberos realm
Slug string
SourceKerberosId string
SpnegoCcache string: Credential cache to use for SPNEGO in form type:residual
SpnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
SpnegoServerName string: Force the use of a specific server name for SPNEGO
SyncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
SyncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
SyncPassword string: Password to authenticate to kadmin for sync
SyncPrincipal string: Principal to authenticate to kadmin for sync.
SyncUsers bool: Sync users from Kerberos into authentik Defaults to true.
SyncUsersPassword bool: When a user changes their password, sync it back to Kerberos Defaults to true.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

authenticationFlow String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf String: Custom krb5.conf to use. Uses the system one by default
name String
passwordLoginUpdateInternalPassword Boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode String: Allowed values: - all - any Defaults to any.
realm String: Kerberos realm
slug String
sourceKerberosId String
spnegoCcache String: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab String: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName String: Force the use of a specific server name for SPNEGO
syncCcache String: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab String: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword String: Password to authenticate to kadmin for sync
syncPrincipal String: Principal to authenticate to kadmin for sync.
syncUsers Boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword Boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

authenticationFlow string
enabled boolean: Defaults to true.
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf string: Custom krb5.conf to use. Uses the system one by default
name string
passwordLoginUpdateInternalPassword boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode string: Allowed values: - all - any Defaults to any.
realm string: Kerberos realm
slug string
sourceKerberosId string
spnegoCcache string: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab string: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName string: Force the use of a specific server name for SPNEGO
syncCcache string: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab string: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword string: Password to authenticate to kadmin for sync
syncPrincipal string: Principal to authenticate to kadmin for sync.
syncUsers boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.

authentication_flow str
enabled bool: Defaults to true.
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5_conf str: Custom krb5.conf to use. Uses the system one by default
name str
password_login_update_internal_password bool: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
realm str: Kerberos realm
slug str
source_kerberos_id str
spnego_ccache str: Credential cache to use for SPNEGO in form type:residual
spnego_keytab str: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnego_server_name str: Force the use of a specific server name for SPNEGO
sync_ccache str: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
sync_keytab str: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
sync_password str: Password to authenticate to kadmin for sync
sync_principal str: Principal to authenticate to kadmin for sync.
sync_users bool: Sync users from Kerberos into authentik Defaults to true.
sync_users_password bool: When a user changes their password, sync it back to Kerberos Defaults to true.
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.

authenticationFlow String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
krb5Conf String: Custom krb5.conf to use. Uses the system one by default
name String
passwordLoginUpdateInternalPassword Boolean: If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend Defaults to false.
policyEngineMode String: Allowed values: - all - any Defaults to any.
realm String: Kerberos realm
slug String
sourceKerberosId String
spnegoCcache String: Credential cache to use for SPNEGO in form type:residual
spnegoKeytab String: SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
spnegoServerName String: Force the use of a specific server name for SPNEGO
syncCcache String: Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
syncKeytab String: Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
syncPassword String: Password to authenticate to kadmin for sync
syncPrincipal String: Principal to authenticate to kadmin for sync.
syncUsers Boolean: Sync users from Kerberos into authentik Defaults to true.
syncUsersPassword Boolean: When a user changes their password, sync it back to Kerberos Defaults to true.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

Package Details

Repository: authentik goauthentik/terraform-provider-authentik
License
Notes: This Pulumi package is based on the authentik Terraform Provider.

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceKerberos

On this page

On this page

Create SourceKerberos Resource

Constructor syntax

Parameters

Constructor example

SourceKerberos Resource Properties

Inputs

Outputs

Look up Existing SourceKerberos Resource

Package Details

On this page

On this page