Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Kerberos Auth Method Resource
Create AuthMethodKerberos Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethodKerberos(name: string, args?: AuthMethodKerberosArgs, opts?: CustomResourceOptions);@overload
def AuthMethodKerberos(resource_name: str,
args: Optional[AuthMethodKerberosArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethodKerberos(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
allowed_client_types: Optional[Sequence[str]] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_kerberos_id: Optional[str] = None,
bind_dn: Optional[str] = None,
bind_dn_password: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
group_attr: Optional[str] = None,
group_dn: Optional[str] = None,
group_filter: Optional[str] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
keytab_file_data: Optional[str] = None,
krb5_conf_data: Optional[str] = None,
ldap_anonymous_search: Optional[bool] = None,
ldap_ca_cert: Optional[str] = None,
ldap_url: Optional[str] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
subclaims_delimiters: Optional[Sequence[str]] = None,
unique_identifier: Optional[str] = None,
user_attribute: Optional[str] = None,
user_dn: Optional[str] = None)func NewAuthMethodKerberos(ctx *Context, name string, args *AuthMethodKerberosArgs, opts ...ResourceOption) (*AuthMethodKerberos, error)public AuthMethodKerberos(string name, AuthMethodKerberosArgs? args = null, CustomResourceOptions? opts = null)
public AuthMethodKerberos(String name, AuthMethodKerberosArgs args)
public AuthMethodKerberos(String name, AuthMethodKerberosArgs args, CustomResourceOptions options)
type: akeyless:AuthMethodKerberos
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "akeyless_authmethodkerberos" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args AuthMethodKerberosArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthMethodKerberosArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthMethodKerberosArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthMethodKerberosArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthMethodKerberosArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authMethodKerberosResource = new Akeyless.AuthMethodKerberos("authMethodKerberosResource", new()
{
AccessExpires = 0,
AllowedClientTypes = new[]
{
"string",
},
AuditLogsClaims = new[]
{
"string",
},
AuthMethodKerberosId = "string",
BindDn = "string",
BindDnPassword = "string",
BoundIps = new[]
{
"string",
},
DeleteProtection = "string",
Description = "string",
ExpirationEventIns = new[]
{
"string",
},
ForceSubClaims = false,
GroupAttr = "string",
GroupDn = "string",
GroupFilter = "string",
GwBoundIps = new[]
{
"string",
},
JwtTtl = 0,
KeytabFileData = "string",
Krb5ConfData = "string",
LdapAnonymousSearch = false,
LdapCaCert = "string",
LdapUrl = "string",
Name = "string",
ProductTypes = new[]
{
"string",
},
SubclaimsDelimiters = new[]
{
"string",
},
UniqueIdentifier = "string",
UserAttribute = "string",
UserDn = "string",
});
example, err := akeyless.NewAuthMethodKerberos(ctx, "authMethodKerberosResource", &akeyless.AuthMethodKerberosArgs{
AccessExpires: pulumi.Float64(0),
AllowedClientTypes: pulumi.StringArray{
pulumi.String("string"),
},
AuditLogsClaims: pulumi.StringArray{
pulumi.String("string"),
},
AuthMethodKerberosId: pulumi.String("string"),
BindDn: pulumi.String("string"),
BindDnPassword: pulumi.String("string"),
BoundIps: pulumi.StringArray{
pulumi.String("string"),
},
DeleteProtection: pulumi.String("string"),
Description: pulumi.String("string"),
ExpirationEventIns: pulumi.StringArray{
pulumi.String("string"),
},
ForceSubClaims: pulumi.Bool(false),
GroupAttr: pulumi.String("string"),
GroupDn: pulumi.String("string"),
GroupFilter: pulumi.String("string"),
GwBoundIps: pulumi.StringArray{
pulumi.String("string"),
},
JwtTtl: pulumi.Float64(0),
KeytabFileData: pulumi.String("string"),
Krb5ConfData: pulumi.String("string"),
LdapAnonymousSearch: pulumi.Bool(false),
LdapCaCert: pulumi.String("string"),
LdapUrl: pulumi.String("string"),
Name: pulumi.String("string"),
ProductTypes: pulumi.StringArray{
pulumi.String("string"),
},
SubclaimsDelimiters: pulumi.StringArray{
pulumi.String("string"),
},
UniqueIdentifier: pulumi.String("string"),
UserAttribute: pulumi.String("string"),
UserDn: pulumi.String("string"),
})
resource "akeyless_authmethodkerberos" "authMethodKerberosResource" {
access_expires = 0
allowed_client_types = ["string"]
audit_logs_claims = ["string"]
auth_method_kerberos_id = "string"
bind_dn = "string"
bind_dn_password = "string"
bound_ips = ["string"]
delete_protection = "string"
description = "string"
expiration_event_ins = ["string"]
force_sub_claims = false
group_attr = "string"
group_dn = "string"
group_filter = "string"
gw_bound_ips = ["string"]
jwt_ttl = 0
keytab_file_data = "string"
krb5_conf_data = "string"
ldap_anonymous_search = false
ldap_ca_cert = "string"
ldap_url = "string"
name = "string"
product_types = ["string"]
subclaims_delimiters = ["string"]
unique_identifier = "string"
user_attribute = "string"
user_dn = "string"
}
var authMethodKerberosResource = new AuthMethodKerberos("authMethodKerberosResource", AuthMethodKerberosArgs.builder()
.accessExpires(0.0)
.allowedClientTypes("string")
.auditLogsClaims("string")
.authMethodKerberosId("string")
.bindDn("string")
.bindDnPassword("string")
.boundIps("string")
.deleteProtection("string")
.description("string")
.expirationEventIns("string")
.forceSubClaims(false)
.groupAttr("string")
.groupDn("string")
.groupFilter("string")
.gwBoundIps("string")
.jwtTtl(0.0)
.keytabFileData("string")
.krb5ConfData("string")
.ldapAnonymousSearch(false)
.ldapCaCert("string")
.ldapUrl("string")
.name("string")
.productTypes("string")
.subclaimsDelimiters("string")
.uniqueIdentifier("string")
.userAttribute("string")
.userDn("string")
.build());
auth_method_kerberos_resource = akeyless.AuthMethodKerberos("authMethodKerberosResource",
access_expires=float(0),
allowed_client_types=["string"],
audit_logs_claims=["string"],
auth_method_kerberos_id="string",
bind_dn="string",
bind_dn_password="string",
bound_ips=["string"],
delete_protection="string",
description="string",
expiration_event_ins=["string"],
force_sub_claims=False,
group_attr="string",
group_dn="string",
group_filter="string",
gw_bound_ips=["string"],
jwt_ttl=float(0),
keytab_file_data="string",
krb5_conf_data="string",
ldap_anonymous_search=False,
ldap_ca_cert="string",
ldap_url="string",
name="string",
product_types=["string"],
subclaims_delimiters=["string"],
unique_identifier="string",
user_attribute="string",
user_dn="string")
const authMethodKerberosResource = new akeyless.AuthMethodKerberos("authMethodKerberosResource", {
accessExpires: 0,
allowedClientTypes: ["string"],
auditLogsClaims: ["string"],
authMethodKerberosId: "string",
bindDn: "string",
bindDnPassword: "string",
boundIps: ["string"],
deleteProtection: "string",
description: "string",
expirationEventIns: ["string"],
forceSubClaims: false,
groupAttr: "string",
groupDn: "string",
groupFilter: "string",
gwBoundIps: ["string"],
jwtTtl: 0,
keytabFileData: "string",
krb5ConfData: "string",
ldapAnonymousSearch: false,
ldapCaCert: "string",
ldapUrl: "string",
name: "string",
productTypes: ["string"],
subclaimsDelimiters: ["string"],
uniqueIdentifier: "string",
userAttribute: "string",
userDn: "string",
});
type: akeyless:AuthMethodKerberos
properties:
accessExpires: 0
allowedClientTypes:
- string
auditLogsClaims:
- string
authMethodKerberosId: string
bindDn: string
bindDnPassword: string
boundIps:
- string
deleteProtection: string
description: string
expirationEventIns:
- string
forceSubClaims: false
groupAttr: string
groupDn: string
groupFilter: string
gwBoundIps:
- string
jwtTtl: 0
keytabFileData: string
krb5ConfData: string
ldapAnonymousSearch: false
ldapCaCert: string
ldapUrl: string
name: string
productTypes:
- string
subclaimsDelimiters:
- string
uniqueIdentifier: string
userAttribute: string
userDn: string
AuthMethodKerberos Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethodKerberos resource accepts the following input properties:
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client List<string>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audit
Logs List<string>Claims - Subclaims to include in audit logs
- Auth
Method stringKerberos Id - The ID of this resource.
- Bind
Dn string - Bind DN
- Bind
Dn stringPassword - Bind DN password
- Bound
Ips List<string> - A comma-separated CIDR block list to allow client access
- Delete
Protection string - Protection from accidental deletion of this object, [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified
- Force
Sub boolClaims - enforce role-association must include sub claims
- Group
Attr string - Group attribute
- Group
Dn string - Group DN
- Group
Filter string - Group filter
- Gw
Bound List<string>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- Jwt
Ttl double - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- Keytab
File stringData - Keytab file data (base64 encoded)
- Krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- Ldap
Anonymous boolSearch - Enable LDAP anonymous search
- Ldap
Ca stringCert - LDAP CA certificate
- Ldap
Url string - LDAP URL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Subclaims
Delimiters List<string> - A list of additional sub claims delimiters
- Unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- User
Attribute string - User attribute
- User
Dn string - User DN
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Allowed
Client []stringTypes - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audit
Logs []stringClaims - Subclaims to include in audit logs
- Auth
Method stringKerberos Id - The ID of this resource.
- Bind
Dn string - Bind DN
- Bind
Dn stringPassword - Bind DN password
- Bound
Ips []string - A comma-separated CIDR block list to allow client access
- Delete
Protection string - Protection from accidental deletion of this object, [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified
- Force
Sub boolClaims - enforce role-association must include sub claims
- Group
Attr string - Group attribute
- Group
Dn string - Group DN
- Group
Filter string - Group filter
- Gw
Bound []stringIps - A comma-separated CIDR block list as a trusted Gateway entity
- Jwt
Ttl float64 - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- Keytab
File stringData - Keytab file data (base64 encoded)
- Krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- Ldap
Anonymous boolSearch - Enable LDAP anonymous search
- Ldap
Ca stringCert - LDAP CA certificate
- Ldap
Url string - LDAP URL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Subclaims
Delimiters []string - A list of additional sub claims delimiters
- Unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- User
Attribute string - User attribute
- User
Dn string - User DN
- access_
expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ list(string)types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit_
logs_ list(string)claims - Subclaims to include in audit logs
- auth_
method_ stringkerberos_ id - The ID of this resource.
- bind_
dn string - Bind DN
- bind_
dn_ stringpassword - Bind DN password
- bound_
ips list(string) - A comma-separated CIDR block list to allow client access
- delete_
protection string - Protection from accidental deletion of this object, [true/false]
- description string
- Auth Method description
- expiration_
event_ list(string)ins - How many days before the expiration of the auth method would you like to be notified
- force_
sub_ boolclaims - enforce role-association must include sub claims
- group_
attr string - Group attribute
- group_
dn string - Group DN
- group_
filter string - Group filter
- gw_
bound_ list(string)ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt_
ttl number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab_
file_ stringdata - Keytab file data (base64 encoded)
- krb5_
conf_ stringdata - Kerberos configuration file data (base64 encoded)
- ldap_
anonymous_ boolsearch - Enable LDAP anonymous search
- ldap_
ca_ stringcert - LDAP CA certificate
- ldap_
url string - LDAP URL
- name string
- Auth Method name
- product_
types list(string) - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims_
delimiters list(string) - A list of additional sub claims delimiters
- unique_
identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user_
attribute string - User attribute
- user_
dn string - User DN
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringKerberos Id - The ID of this resource.
- bind
Dn String - Bind DN
- bind
Dn StringPassword - Bind DN password
- bound
Ips List<String> - A comma-separated CIDR block list to allow client access
- delete
Protection String - Protection from accidental deletion of this object, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub BooleanClaims - enforce role-association must include sub claims
- group
Attr String - Group attribute
- group
Dn String - Group DN
- group
Filter String - Group filter
- gw
Bound List<String>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl Double - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File StringData - Keytab file data (base64 encoded)
- krb5Conf
Data String - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous BooleanSearch - Enable LDAP anonymous search
- ldap
Ca StringCert - LDAP CA certificate
- ldap
Url String - LDAP URL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters
- unique
Identifier String - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute String - User attribute
- user
Dn String - User DN
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client string[]Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs string[]Claims - Subclaims to include in audit logs
- auth
Method stringKerberos Id - The ID of this resource.
- bind
Dn string - Bind DN
- bind
Dn stringPassword - Bind DN password
- bound
Ips string[] - A comma-separated CIDR block list to allow client access
- delete
Protection string - Protection from accidental deletion of this object, [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub booleanClaims - enforce role-association must include sub claims
- group
Attr string - Group attribute
- group
Dn string - Group DN
- group
Filter string - Group filter
- gw
Bound string[]Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File stringData - Keytab file data (base64 encoded)
- krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous booleanSearch - Enable LDAP anonymous search
- ldap
Ca stringCert - LDAP CA certificate
- ldap
Url string - LDAP URL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters string[] - A list of additional sub claims delimiters
- unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute string - User attribute
- user
Dn string - User DN
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed_
client_ Sequence[str]types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs
- auth_
method_ strkerberos_ id - The ID of this resource.
- bind_
dn str - Bind DN
- bind_
dn_ strpassword - Bind DN password
- bound_
ips Sequence[str] - A comma-separated CIDR block list to allow client access
- delete_
protection str - Protection from accidental deletion of this object, [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified
- force_
sub_ boolclaims - enforce role-association must include sub claims
- group_
attr str - Group attribute
- group_
dn str - Group DN
- group_
filter str - Group filter
- gw_
bound_ Sequence[str]ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt_
ttl float - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab_
file_ strdata - Keytab file data (base64 encoded)
- krb5_
conf_ strdata - Kerberos configuration file data (base64 encoded)
- ldap_
anonymous_ boolsearch - Enable LDAP anonymous search
- ldap_
ca_ strcert - LDAP CA certificate
- ldap_
url str - LDAP URL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims_
delimiters Sequence[str] - A list of additional sub claims delimiters
- unique_
identifier str - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user_
attribute str - User attribute
- user_
dn str - User DN
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringKerberos Id - The ID of this resource.
- bind
Dn String - Bind DN
- bind
Dn StringPassword - Bind DN password
- bound
Ips List<String> - A comma-separated CIDR block list to allow client access
- delete
Protection String - Protection from accidental deletion of this object, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub BooleanClaims - enforce role-association must include sub claims
- group
Attr String - Group attribute
- group
Dn String - Group DN
- group
Filter String - Group filter
- gw
Bound List<String>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl Number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File StringData - Keytab file data (base64 encoded)
- krb5Conf
Data String - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous BooleanSearch - Enable LDAP anonymous search
- ldap
Ca StringCert - LDAP CA certificate
- ldap
Url String - LDAP URL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters
- unique
Identifier String - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute String - User attribute
- user
Dn String - User DN
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethodKerberos resource produces the following output properties:
Look up Existing AuthMethodKerberos Resource
Get an existing AuthMethodKerberos resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodKerberosState, opts?: CustomResourceOptions): AuthMethodKerberos@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
allowed_client_types: Optional[Sequence[str]] = None,
audit_logs_claims: Optional[Sequence[str]] = None,
auth_method_kerberos_id: Optional[str] = None,
bind_dn: Optional[str] = None,
bind_dn_password: Optional[str] = None,
bound_ips: Optional[Sequence[str]] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
expiration_event_ins: Optional[Sequence[str]] = None,
force_sub_claims: Optional[bool] = None,
group_attr: Optional[str] = None,
group_dn: Optional[str] = None,
group_filter: Optional[str] = None,
gw_bound_ips: Optional[Sequence[str]] = None,
jwt_ttl: Optional[float] = None,
keytab_file_data: Optional[str] = None,
krb5_conf_data: Optional[str] = None,
ldap_anonymous_search: Optional[bool] = None,
ldap_ca_cert: Optional[str] = None,
ldap_url: Optional[str] = None,
name: Optional[str] = None,
product_types: Optional[Sequence[str]] = None,
subclaims_delimiters: Optional[Sequence[str]] = None,
unique_identifier: Optional[str] = None,
user_attribute: Optional[str] = None,
user_dn: Optional[str] = None) -> AuthMethodKerberosfunc GetAuthMethodKerberos(ctx *Context, name string, id IDInput, state *AuthMethodKerberosState, opts ...ResourceOption) (*AuthMethodKerberos, error)public static AuthMethodKerberos Get(string name, Input<string> id, AuthMethodKerberosState? state, CustomResourceOptions? opts = null)public static AuthMethodKerberos get(String name, Output<String> id, AuthMethodKerberosState state, CustomResourceOptions options)resources: _: type: akeyless:AuthMethodKerberos get: id: ${id}import {
to = akeyless_authmethodkerberos.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client List<string>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audit
Logs List<string>Claims - Subclaims to include in audit logs
- Auth
Method stringKerberos Id - The ID of this resource.
- Bind
Dn string - Bind DN
- Bind
Dn stringPassword - Bind DN password
- Bound
Ips List<string> - A comma-separated CIDR block list to allow client access
- Delete
Protection string - Protection from accidental deletion of this object, [true/false]
- Description string
- Auth Method description
- Expiration
Event List<string>Ins - How many days before the expiration of the auth method would you like to be notified
- Force
Sub boolClaims - enforce role-association must include sub claims
- Group
Attr string - Group attribute
- Group
Dn string - Group DN
- Group
Filter string - Group filter
- Gw
Bound List<string>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- Jwt
Ttl double - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- Keytab
File stringData - Keytab file data (base64 encoded)
- Krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- Ldap
Anonymous boolSearch - Enable LDAP anonymous search
- Ldap
Ca stringCert - LDAP CA certificate
- Ldap
Url string - LDAP URL
- Name string
- Auth Method name
- Product
Types List<string> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Subclaims
Delimiters List<string> - A list of additional sub claims delimiters
- Unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- User
Attribute string - User attribute
- User
Dn string - User DN
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Allowed
Client []stringTypes - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- Audit
Logs []stringClaims - Subclaims to include in audit logs
- Auth
Method stringKerberos Id - The ID of this resource.
- Bind
Dn string - Bind DN
- Bind
Dn stringPassword - Bind DN password
- Bound
Ips []string - A comma-separated CIDR block list to allow client access
- Delete
Protection string - Protection from accidental deletion of this object, [true/false]
- Description string
- Auth Method description
- Expiration
Event []stringIns - How many days before the expiration of the auth method would you like to be notified
- Force
Sub boolClaims - enforce role-association must include sub claims
- Group
Attr string - Group attribute
- Group
Dn string - Group DN
- Group
Filter string - Group filter
- Gw
Bound []stringIps - A comma-separated CIDR block list as a trusted Gateway entity
- Jwt
Ttl float64 - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- Keytab
File stringData - Keytab file data (base64 encoded)
- Krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- Ldap
Anonymous boolSearch - Enable LDAP anonymous search
- Ldap
Ca stringCert - LDAP CA certificate
- Ldap
Url string - LDAP URL
- Name string
- Auth Method name
- Product
Types []string - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- Subclaims
Delimiters []string - A list of additional sub claims delimiters
- Unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- User
Attribute string - User attribute
- User
Dn string - User DN
- access_
expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id string - Auth Method access ID
- allowed_
client_ list(string)types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit_
logs_ list(string)claims - Subclaims to include in audit logs
- auth_
method_ stringkerberos_ id - The ID of this resource.
- bind_
dn string - Bind DN
- bind_
dn_ stringpassword - Bind DN password
- bound_
ips list(string) - A comma-separated CIDR block list to allow client access
- delete_
protection string - Protection from accidental deletion of this object, [true/false]
- description string
- Auth Method description
- expiration_
event_ list(string)ins - How many days before the expiration of the auth method would you like to be notified
- force_
sub_ boolclaims - enforce role-association must include sub claims
- group_
attr string - Group attribute
- group_
dn string - Group DN
- group_
filter string - Group filter
- gw_
bound_ list(string)ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt_
ttl number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab_
file_ stringdata - Keytab file data (base64 encoded)
- krb5_
conf_ stringdata - Kerberos configuration file data (base64 encoded)
- ldap_
anonymous_ boolsearch - Enable LDAP anonymous search
- ldap_
ca_ stringcert - LDAP CA certificate
- ldap_
url string - LDAP URL
- name string
- Auth Method name
- product_
types list(string) - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims_
delimiters list(string) - A list of additional sub claims delimiters
- unique_
identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user_
attribute string - User attribute
- user_
dn string - User DN
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringKerberos Id - The ID of this resource.
- bind
Dn String - Bind DN
- bind
Dn StringPassword - Bind DN password
- bound
Ips List<String> - A comma-separated CIDR block list to allow client access
- delete
Protection String - Protection from accidental deletion of this object, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub BooleanClaims - enforce role-association must include sub claims
- group
Attr String - Group attribute
- group
Dn String - Group DN
- group
Filter String - Group filter
- gw
Bound List<String>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl Double - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File StringData - Keytab file data (base64 encoded)
- krb5Conf
Data String - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous BooleanSearch - Enable LDAP anonymous search
- ldap
Ca StringCert - LDAP CA certificate
- ldap
Url String - LDAP URL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters
- unique
Identifier String - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute String - User attribute
- user
Dn String - User DN
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- allowed
Client string[]Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs string[]Claims - Subclaims to include in audit logs
- auth
Method stringKerberos Id - The ID of this resource.
- bind
Dn string - Bind DN
- bind
Dn stringPassword - Bind DN password
- bound
Ips string[] - A comma-separated CIDR block list to allow client access
- delete
Protection string - Protection from accidental deletion of this object, [true/false]
- description string
- Auth Method description
- expiration
Event string[]Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub booleanClaims - enforce role-association must include sub claims
- group
Attr string - Group attribute
- group
Dn string - Group DN
- group
Filter string - Group filter
- gw
Bound string[]Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File stringData - Keytab file data (base64 encoded)
- krb5Conf
Data string - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous booleanSearch - Enable LDAP anonymous search
- ldap
Ca stringCert - LDAP CA certificate
- ldap
Url string - LDAP URL
- name string
- Auth Method name
- product
Types string[] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters string[] - A list of additional sub claims delimiters
- unique
Identifier string - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute string - User attribute
- user
Dn string - User DN
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- allowed_
client_ Sequence[str]types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit_
logs_ Sequence[str]claims - Subclaims to include in audit logs
- auth_
method_ strkerberos_ id - The ID of this resource.
- bind_
dn str - Bind DN
- bind_
dn_ strpassword - Bind DN password
- bound_
ips Sequence[str] - A comma-separated CIDR block list to allow client access
- delete_
protection str - Protection from accidental deletion of this object, [true/false]
- description str
- Auth Method description
- expiration_
event_ Sequence[str]ins - How many days before the expiration of the auth method would you like to be notified
- force_
sub_ boolclaims - enforce role-association must include sub claims
- group_
attr str - Group attribute
- group_
dn str - Group DN
- group_
filter str - Group filter
- gw_
bound_ Sequence[str]ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt_
ttl float - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab_
file_ strdata - Keytab file data (base64 encoded)
- krb5_
conf_ strdata - Kerberos configuration file data (base64 encoded)
- ldap_
anonymous_ boolsearch - Enable LDAP anonymous search
- ldap_
ca_ strcert - LDAP CA certificate
- ldap_
url str - LDAP URL
- name str
- Auth Method name
- product_
types Sequence[str] - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims_
delimiters Sequence[str] - A list of additional sub claims delimiters
- unique_
identifier str - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user_
attribute str - User attribute
- user_
dn str - User DN
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- allowed
Client List<String>Types - Limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]
- audit
Logs List<String>Claims - Subclaims to include in audit logs
- auth
Method StringKerberos Id - The ID of this resource.
- bind
Dn String - Bind DN
- bind
Dn StringPassword - Bind DN password
- bound
Ips List<String> - A comma-separated CIDR block list to allow client access
- delete
Protection String - Protection from accidental deletion of this object, [true/false]
- description String
- Auth Method description
- expiration
Event List<String>Ins - How many days before the expiration of the auth method would you like to be notified
- force
Sub BooleanClaims - enforce role-association must include sub claims
- group
Attr String - Group attribute
- group
Dn String - Group DN
- group
Filter String - Group filter
- gw
Bound List<String>Ips - A comma-separated CIDR block list as a trusted Gateway entity
- jwt
Ttl Number - creds expiration time in minutes. If not set, use default according to account settings (see get-account-settings)
- keytab
File StringData - Keytab file data (base64 encoded)
- krb5Conf
Data String - Kerberos configuration file data (base64 encoded)
- ldap
Anonymous BooleanSearch - Enable LDAP anonymous search
- ldap
Ca StringCert - LDAP CA certificate
- ldap
Url String - LDAP URL
- name String
- Auth Method name
- product
Types List<String> - Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]
- subclaims
Delimiters List<String> - A list of additional sub claims delimiters
- unique
Identifier String - A unique identifier (ID) value should be configured. Whenever a user logs in with a token, these authentication types issue a sub claim that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
- user
Attribute String - User attribute
- user
Dn String - User DN
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
