Perl kadmin interface
Jason T Hardy
jthardy at uta.edu
Fri Aug 27 10:56:31 EDT 2004
Dave,
Thanks for your code snippet. Here's my problem in more detail. The
admin principal connects to the KDC properly, and I can see the
connection show up in kadmind.log on the KDC. I'm able to search the
principals, etc, so I'm certain that there's no problem with the code
until I attempt to add a new principal.
use Authen::Krb5::Admin qw(:constants);
use Authen::Krb5;
...
my $krb5context = Authen::Krb5::init_context();
Authen::Krb5::init_ets();
my $adminpric = 'xxx/admin@'.$KRB5_REALM;
my $adminkeytab = 'xxx.keytab';
my $kadm5 = Authen::Krb5::Admin->init_with_skey($adminprinc, $adminkeytab)
or die "Unable to init at ", __LINE__,":\n", Authen::Krb5::Admin::error ,"\n$@";
...
my $principal = Authen::Krb5::parse_name(lc($this_account{'uid'}))
or die Authen::Krb5::error;
my $statusmsg = $kadm5->create_principal($principal, $this_account{'userPassword'})
or die Authen::Krb5::Admin::error;
...
When I get to create_principal I'm receiving:
princ is not of type Authen::Krb5::Admin::Principal
I've tried using the Authen::Krb5::Admin::Principal class, but the only
method mentioned is new(), which takes no arguments. When $principal is
defined with that class, I receive:
$principal = Authen::Krb5::Admin::Principal::new()
or die Authen::Krb5::Admin::error;
Usage: Authen::Krb5::Admin::Principal::new(CLASS)
or
$principal = Authen::Krb5::Admin::Principal::new($this_account{'uid'})
or die Authen::Krb5::Admin::error;
Illegal principal name
Any experience with the Authen::Krb5::Admin interface? Here's a link to
the documentation on CPAN:
http://search.cpan.org/~korty/Authen-Krb5-Admin-0.06/Admin.pm
Thanks,
Jason
On Fri, 2004-08-27 at 09:18, David Botsch wrote:
> We are using it here to allow users to change their kerberos passwords
> via the web:
>
> # Initialization
> my $krb5context = Authen::Krb5::init_context();
> Authen::Krb5::init_ets();
>
> # Authenticate
> my $krb5princ = Authen::Krb5::parse_name($username); my $kadm5
> = Authen::Krb5::Admin->init_with_password($username, $oldpw);
>
> if (! defined($kadm5)) {
> print "<p>Could not authenticate. Are you sure your Old
> Password was cor
> rect?</p>";
> exit 0;
> }
>
> # Change pw
> my $errorcode = $kadm5->chpass_principal($krb5princ, $newpw);
> if ($errorcode != 1) {
> print "<p><b><font color=red>Something went wrong, code
> $errorcode</font
> > </b></p>";
> exit 0;
> }
>
>
> On 2004.08.26 23:32 Jason T Hardy wrote:
> > I'm tinkering around with the Authen::Krb5::Admin Perl module but
> > stumbling when creating/deleting principals. I may be totally off:
> >
> > ...
> > $principal = Authen::Krb5::Admin::Principal::new($userName) or die
> > Authen::Krb5::Admin::error;
> > $statusmsg = $kadm5->create_principal($principal, $userPassword) or
> > die Authen::Krb5::Admin::error;
> > ...
> >
> > I've been unable to find any useful documentation on the Internet. Has
> > anyone on this list had success using this module? I'd be happy to
> > share
> > my code when finished.
> >
> > Jason
> > --
> > Jason T Hardy
> > Unix Systems Administrator
> > Office of Information Technology
> > University of Texas at Arlington
> >
> > http://www.uta.edu/linux/
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
--
Jason T Hardy
Unix Systems Administrator
Office of Information Technology
University of Texas at Arlington
Ph: 817 272-2208
Fx: 817 272-5796
http://www.uta.edu/linux/
To request technical support, please contact our computing Help Desk at
817-272-2208, e-mail helpdesk at uta.edu or create a work order at
https://eservices.uta.edu/oitforms/workorder.html
More information about the Kerberos
mailing list