authen::krb5::admin : create principal

FM dist-list at LEXUM.UMontreal.CA
Fri Apr 8 18:23:23 EDT 2005


Thank you !
Based on your script, I'll try to create KERB_del_principal and 
KERB_update_password subs

reg,

Jason T Hardy wrote:
> This is a simple adduser script that authenticates the admin principal
> with a keytab. You should search CPAN for Authen::Krb5::Admin; there are
> plenty of useful examples there. Note: I've removed most of the error
> handling here, so don't use this code without first cleaning it up.
> 
> Jason
> 
> ----
> 
> use Authen::Krb5::Admin qw(:constants);
> use Authen::Krb5;
> 
> sub setup_krb5 {
> 	# Initialise the Kerberos 5 library: create the context, then call
> 	# init_ets() (error-table setup).  Returns whatever init_context()
> 	# returned.
> 	#
> 	# Failure is NOT fatal here: an exception raised inside the eval is
> 	# only printed with warn, and the caller may then get undef back.
> 	# Callers should check the return value before going on.
> 	my $context;
> 
> 	eval {
> 		$context = Authen::Krb5::init_context();
> 		Authen::Krb5::init_ets();
> 	};
> 	warn $@ if $@;
> 
> 	return $context;
> }
> 
> sub setup_kadmin {
> 	# Open a kadmin session as $krb_admin_princ, authenticating with the
> 	# key stored in the keytab file $krb_admin_keytab (init_with_skey).
> 	# Returns the session handle; dies with the kadm5 error text when the
> 	# session cannot be opened.
> 	#
> 	# The keytab holds the admin principal's long-term key, so whoever can
> 	# read that file can act as the admin principal.  Keep it readable
> 	# only by the account that runs this script.
> 	my ( $krb_admin_princ, $krb_admin_keytab ) = @_;
> 
> 	my $session = Authen::Krb5::Admin->init_with_skey(
> 		$krb_admin_princ,
> 		$krb_admin_keytab,
> 	);
> 	unless ($session) {
> 		die Authen::Krb5::Admin::error;
> 	}
> 
> 	return $session;
> }
> 
> 
> sub KERB_add_principal {
> 	# Create the Kerberos principal $uid with initial password
> 	# $userPassword through the open kadmin handle $kadm5.
> 	#
> 	# A principal that already exists is left untouched (its password is
> 	# not changed) and only a warning is printed.  Every other failure
> 	# dies with the library's error text.
> 	my ( $kadm5, $uid, $userPassword ) = @_;
> 
> 	# turn the user name into a parsed krb5 principal
> 	my $parsed_name = Authen::Krb5::parse_name($uid)
> 	  or die Authen::Krb5::error;
> 
> 	# build an empty kadm5 principal record and attach the parsed name
> 	my $new_entry = Authen::Krb5::Admin::Principal->new
> 	  or die Authen::Krb5::error;
> 	$new_entry->principal($parsed_name)
> 	  or die Authen::Krb5::error;
> 
> 	if ( $kadm5->get_principal($parsed_name) ) {
> 		# lookup succeeded: do not overwrite an existing account
> 		warn "WARNING: Principal $uid already existed in Kerberos\n";
> 	}
> 	else {
> 		# NOTE(review): any false result from get_principal lands here,
> 		# not only "no such principal" -- a lookup that failed for some
> 		# other reason is also treated as "does not exist".
> 
> 		# attach the password policy named "default"
> 		# (assumes such a policy is defined on the KDC -- confirm)
> 		$new_entry->policy( "default" )
> 		  or die Authen::Krb5::Admin::error;
> 
> 		# Password expiry is set to the current time, so the initial
> 		# password is already expired when the principal is created --
> 		# presumably to make the user pick a new one at first login;
> 		# confirm that this is the intent.
> 		my $expires_at = time();
> 		$new_entry->pw_expiration($expires_at)
> 		  or die Authen::Krb5::Admin::error;
> 
> 		# write the new principal to the Kerberos database
> 		$kadm5->create_principal( $new_entry, $userPassword )
> 		  or die Authen::Krb5::Admin::error;
> 	}
> }
> 
> # Placeholder values -- replace all four before running.
> # NOTE(review): a real password should not be kept as a literal in the
> # script; read it at run time instead.  The keytab path should point at
> # a file that only the account running this script can read.
> my ( $krb_admin_princ, $krb_admin_keytab ) =
>   ( "your admin princ", "your keytab location" );
> my ( $uid, $userPassword ) =
>   ( "your new username", "your new password" );
> 
> # Initialise the library, open the admin session, then add the user.
> # $krb5context is not used again in this script, and setup_krb5() can
> # return undef after a warning, so a failed init is not caught here.
> my $krb5context = setup_krb5();
> my $kadm5 = setup_kadmin(
> 	$krb_admin_princ,
> 	$krb_admin_keytab,
> );
> KERB_add_principal( $kadm5, $uid, $userPassword );
> 
> ---
> 
> 
> 
> On Fri, 2005-04-08 at 14:56 -0400, FM wrote:
> 
>>Hello,
>>Do you have an example of managing the Kerberos DB using Perl?
>>I created a simple test script:
>>
>># Open a kadmin session with the admin principal's password.
>># NOTE(review): the password is taken from a script variable here; the
>># script in the reply authenticates with a keytab (init_with_skey)
>># instead.
>>$handle = 
>>Authen::Krb5::Admin->init_with_password("$ADMINPRINC","$adminpass");
>># NOTE(review): Perl package names are case-sensitive.  The next call is
>># written Authen::krb5 (lowercase "k"), a different package from
>># Authen::Krb5, which matches the "Undefined subroutine" error reported
>># below.  The snippet also shows no "use Authen::Krb5;" and no
>># init_context() call -- presumably both are needed first; confirm.
>>$kp=Authen::krb5::get_default_realm();
>>print $kp;
>>
>>but I received :
>>Undefined subroutine &Authen::krb5::get_default_realm
>>
>>I'd like to be able to add principals and change passwords for existing 
>>users (2 scripts are fine).
>>

