User list by date?

Greg Hudson ghudson at MIT.EDU
Fri May 31 15:26:14 EDT 2013

On 05/31/2013 01:55 PM, Sean M. Pappalardo wrote:
> I would just like to know if it's possible to coax kadmin to display a
> list of principals that had a "last successful authentication" within a
> certain date range? If not that specific, can I get it to display the
> principal name and the last auth date line for each? If not even that,
> how can I at least dump the output of 'getprinc' for all principals?

You could parse the kdb5_util dump output.  Lines beginning with "princ"
will have the principal names as the 7th field and the last successful
login as the 13th field.

More generally, we've discussed adding some kind of reporting facility
to kadmin or perhaps adding officially supported bindings for a
scripting language, but right now we don't have much along those lines.
 I think a lot of administrators use this:

but keep in mind that it can only operate through kadmind, not locally,
and iterating over your database through kadmind will block other admin
operations including password changes.

More information about the Kerberos mailing list