authen::krb5::admin : create principal

Digant C Kasundra digant at uta.edu
Tue Apr 12 12:33:22 EDT 2005


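# Delete the Kerberos principal named by $uid through an open kadmin handle.
#
# Parameters:
#   $kadm5 - Authen::Krb5::Admin handle, already authenticated
#   $uid   - principal name as a string; parsed with Authen::Krb5::parse_name
#
# Returns true when the principal was deleted. Returns false, after a
# warning, when get_principal() does not return the principal. Dies when the
# name is empty or unparsable, or when the KDC rejects the delete, so that a
# failed deprovisioning is never mistaken for a successful one.
sub KERB_del_principal {
	my ( $kadm5, $uid ) = @_;

	# Refuse an empty name up front rather than letting the library guess.
	die "KERB_del_principal: no principal name given\n"
	  unless defined $uid && length $uid;

	# get valid kerb5 principal from uid
	my $krb5_princ = Authen::Krb5::parse_name($uid)
	  or die "KERB_del_principal: cannot parse '$uid': "
	  . Authen::Krb5::error() . "\n";

	# A false result here is reported as "not found", but it can also mean
	# the lookup itself failed (for example missing privileges), so the
	# library's error text is included for the operator.
	if ( !$kadm5->get_principal($krb5_princ) ) {
		warn "WARNING: Principal $uid not found in Kerberos: "
		  . Authen::Krb5::Admin::error() . "\n";
		return;
	}

	# The existence check above is advisory only; the delete result is what
	# counts, so it is checked explicitly.
	$kadm5->delete_principal($krb5_princ)
	  or die "KERB_del_principal: cannot delete '$uid': "
	  . Authen::Krb5::Admin::error() . "\n";

	return 1;
}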

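# Set a new password for the Kerberos principal named by $uid.
#
# Parameters:
#   $kadm5    - Authen::Krb5::Admin handle, already authenticated
#   $uid      - principal name as a string; parsed with Authen::Krb5::parse_name
#   $password - the new password in clear text
#
# Returns true when the password was changed. Returns false, after a
# warning, when get_principal() does not return the principal. Dies when the
# name or password is empty, the name is unparsable, or the KDC rejects the
# change, so that a caller never assumes a credential was rotated when it
# was not.
#
# The password is never placed in a warning or die message; keep it out of
# logs in calling code as well.
sub KERB_change_password {
	my ( $kadm5, $uid, $password ) = @_;

	die "KERB_change_password: no principal name given\n"
	  unless defined $uid && length $uid;

	# An undefined or empty password is rejected here instead of being
	# handed to the KDC.
	die "KERB_change_password: no password given for '$uid'\n"
	  unless defined $password && length $password;

	my $principal = Authen::Krb5::parse_name($uid)
	  or die "KERB_change_password: cannot parse '$uid': "
	  . Authen::Krb5::error() . "\n";

	# The original built an Authen::Krb5::Admin::Principal object here and
	# never used it; chpass_principal takes the parsed principal directly.

	# A false result is reported as "not found", but it can also mean the
	# lookup itself failed, so the library's error text is included.
	if ( !$kadm5->get_principal($principal) ) {
		warn "WARNING: Principal $uid not found in Kerberos: "
		  . Authen::Krb5::Admin::error() . "\n";
		return;
	}

	$kadm5->chpass_principal( $principal, $password )
	  or die "KERB_change_password: cannot change password for '$uid': "
	  . Authen::Krb5::Admin::error() . "\n";

	return 1;
}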


On Fri, 2005-04-08 at 17:23, FM wrote:
> Thank you !
> Based on your script, I'll try to create KERB_del_principal and
> KERB_update_password subs
> 
> reg,
> 
> Jason T Hardy wrote:
> > This is a simple adduser script that authenticates the admin principal
> > with a keytab. You should search CPAN for Krb5:Admin; there are plenty
> > of useful examples there. Note: I've removed most of the error handling
> > here, so don't use this code without first cleaning it up.
> > 
> > Jason
> > 
> > ----
> > 
> > use Authen::Krb5::Admin qw(:constants);
> > use Authen::Krb5;
> > 
> > sub setup_krb5 {
> > 	my $krb5context;
> > 	eval {
> > 		$krb5context = Authen::Krb5::init_context();
> > 		Authen::Krb5::init_ets();
> > 	};
> > 	
> > 	if ( $@ ) {
> > 		warn $@;
> > 	}
> > 
> > 	return $krb5context;
> > }
> > 
> > sub setup_kadmin {
> > 	my ( $krb_admin_princ, $krb_admin_keytab ) = @_;
> > 
> > 	my $kadm5 =
> > 	  Authen::Krb5::Admin->init_with_skey( $krb_admin_princ, $krb_admin_keytab )
> > 	  or die Authen::Krb5::Admin::error;
> > 
> > 	return $kadm5;
> > }
> > 
> > 
> > sub KERB_add_principal {
> > 	my ( $kadm5, $uid, $userPassword ) = @_;
> > 	my $krb5_princ;
> > 
> > 	# get valid kerb5 principal from uid
> > 	$krb5_princ = Authen::Krb5::parse_name($uid)
> > 	  or die Authen::Krb5::error;
> > 
> > 	# get a new principal object
> > 	my $kadm5_princ = Authen::Krb5::Admin::Principal->new
> > 	  or die Authen::Krb5::error;
> > 
> > 	# set the value of the new principal's principal name
> > 	$kadm5_princ->principal($krb5_princ)
> > 	  or die Authen::Krb5::error;
> > 
> > 	# if principal does not exist, ok to create...
> > 	if ( !$kadm5->get_principal($krb5_princ) ) {
> > 	    # set the value of the principals policy
> > 	    $kadm5_princ->policy( "default" )
> > 	        or die Authen::Krb5::Admin::error;
> > 	
> > 	    # modify principal's pw expiration
> > 	    $kadm5_princ->pw_expiration( time() )
> > 	        or die Authen::Krb5::Admin::error;
> > 		
> > 	    # create princ
> > 	    $kadm5->create_principal( $kadm5_princ, $userPassword )
> > 		or die Authen::Krb5::Admin::error;
> > 	}
> > 	else { 
> > 		warn "WARNING: Principal $uid already existed in Kerberos\n";
> > 	}
> > }
> > 
> > my $krb_admin_princ = "your admin princ";
> > my $krb_admin_keytab = "your keytab location";
> > my $uid = "your new username";
> > my $userPassword = "your new password";
> > 
> > my $krb5context = setup_krb5();
> > my $kadm5       = setup_kadmin( $krb_admin_princ, $krb_admin_keytab );
> > KERB_add_principal( $kadm5, $uid, $userPassword );
> > 
> > ---
> > 
> > 
> > 
> > On Fri, 2005-04-08 at 14:56 -0400, FM wrote:
> > 
> >>Hello,
> >>Do you have example to manage kerberos db using perl
> >>I create a simple test script :
> >>
> >>$handle = 
> >>Authen::Krb5::Admin->init_with_password("$ADMINPRINC","$adminpass");
> >>$kp=Authen::krb5::get_default_realm();
> >>print $kp;
> >>
> >>but I received :
> >>Undefined subroutine &Authen::krb5::get_default_realm
> >>
> >>I'd like to be able to add principal and change password for existing 
> >>users (2 scripts are fine).
> >>
-- 
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc

To request technical support, please contact our computing Help Desk at
817-272-2208, e-mail helpdesk at uta.edu or create a work order at
https://eservices.uta.edu/oitforms/workorder.html


