Re: authen::krb5::admin : create principal

FM Fri, 08 Apr 2005 15:25:40 -0700

Thank you ! Base on you script, I'll try to create a KERB_del_principal and a KERB_update_password subs

reg,

Jason T Hardy wrote:

This is a simple adduser script that authenticates the admin principal
with a keytab. You should search CPAN for Krb5:Admin; there are plenty
of useful examples there. Note: I've removed most of the error handling
here, so don't use this code without first cleaning it up.

Jason

----

use Authen::Krb5::Admin qw(:constants);
use Authen::Krb5;

sub setup_krb5 {
        my $krb5context;
        eval {
                $krb5context = Authen::Krb5::init_context();
                Authen::Krb5::init_ets();
        };
        
        if ( $@ ) {
                warn $@;
        }

        return $krb5context;
}

sub setup_kadmin {
        my ( $krb_admin_princ, $krb_admin_keytab ) = @_;

        my $kadm5 =
          Authen::Krb5::Admin->init_with_skey( $krb_admin_princ, 
$krb_admin_keytab )
          or die Authen::Krb5::Admin::error;

        return $kadm5;
}


sub KERB_add_principal {
        my ( $kadm5, $uid, $userPassword ) = @_;
        my $krb5_princ;

        # get valid kerb5 principal from uid
        $krb5_princ = Authen::Krb5::parse_name($uid)
          or die Authen::Krb5::error;

        # get a new principal object
        my $kadm5_princ = Authen::Krb5::Admin::Principal->new
          or die Authen::Krb5::error;

        # set the value of the new principal's principal name
        $kadm5_princ->principal($krb5_princ)
          or die Authen::Krb5::error;

# if principal does not exist, ok to create... if ( !$kadm5->get_principal($krb5_princ) ) { # set the value of the principals policy $kadm5_princ->policy( "default" ) or die Authen::Krb5::Admin::error; # modify principal's pw expiration $kadm5_princ->pw_expiration( time() ) or die Authen::Krb5::Admin::error; # create princ $kadm5->create_principal( $kadm5_princ, $userPassword ) or die Authen::Krb5::Admin::error; } else { warn "WARNING: Principal $uid already existed in Kerberos\n"; } }

my $krb_admin_princ = "your admin princ";
my $krb_admin_keytab = "your keytab location";
my $uid = "your new username";
my $userPassword = "your new password";

my $krb5context = setup_krb5();
my $kadm5       = setup_kadmin( $krb_admin_princ, $krb_admin_keytab );
KERB_add_principal( $kadm5, $uid, $userPassword );

---

On Fri, 2005-04-08 at 14:56 -0400, FM wrote:

Hello,
Do you have example to manage kerberos db using perl
I create a simple test script :

$handle = Authen::Krb5::Admin->init_with_password("$ADMINPRINC","$adminpass"); $kp=Authen::krb5::get_default_realm(); print $kp;

but I received :
Undefined subroutine &Authen::krb5::get_default_realm

I'd like to be able to add principal and change password for existing users (2 scripts are fine).

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos


------------------------------------------------------------------------

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: authen::krb5::admin : create principal

Reply via email to