[23680] in Kerberos
Re: authen::krb5::admin : create principal
daemon@ATHENA.MIT.EDU (Jason T Hardy)
Fri Apr 8 15:56:25 2005
From: Jason T Hardy <jthardy@uta.edu>
To: kerberos@mit.edu
In-Reply-To: <4256D3E5.50102@lexum.umontreal.ca>
Date: Fri, 08 Apr 2005 14:55:42 -0500
Message-Id: <1112990142.31537.35.camel@dionysus.uta.edu>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============78317446513281719=="
Errors-To: kerberos-bounces@mit.edu
--===============78317446513281719==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="=-qTu3MlFIN9eMAATa/rvP"
--=-qTu3MlFIN9eMAATa/rvP
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
This is a simple adduser script that authenticates the admin principal
with a keytab. You should search CPAN for Krb5:Admin; there are plenty
of useful examples there. Note: I've removed most of the error handling
here, so don't use this code without first cleaning it up.
Jason
----
use Authen::Krb5::Admin qw(:constants);
use Authen::Krb5;
sub setup_krb5 {
my $krb5context;
eval {
$krb5context =3D Authen::Krb5::init_context();
Authen::Krb5::init_ets();
};
=09
if ( $@ ) {
warn $@;
}
return $krb5context;
}
sub setup_kadmin {
my ( $krb_admin_princ, $krb_admin_keytab ) =3D @_;
my $kadm5 =3D
Authen::Krb5::Admin->init_with_skey( $krb_admin_princ, $krb_admin_keytab=
)
or die Authen::Krb5::Admin::error;
return $kadm5;
}
sub KERB_add_principal {
my ( $kadm5, $uid, $userPassword ) =3D @_;
my $krb5_princ;
# get valid kerb5 principal from uid
$krb5_princ =3D Authen::Krb5::parse_name($uid)
or die Authen::Krb5::error;
# get a new principal object
my $kadm5_princ =3D Authen::Krb5::Admin::Principal->new
or die Authen::Krb5::error;
# set the value of the new principal's principal name
$kadm5_princ->principal($krb5_princ)
or die Authen::Krb5::error;
# if principal does not exist, ok to create...
if ( !$kadm5->get_principal($krb5_princ) ) {
# set the value of the principals policy
$kadm5_princ->policy( "default" )
or die Authen::Krb5::Admin::error;
=09
# modify principal's pw expiration
$kadm5_princ->pw_expiration( time() )
or die Authen::Krb5::Admin::error;
=09
# create princ
$kadm5->create_principal( $kadm5_princ, $userPassword )
or die Authen::Krb5::Admin::error;
}
else {=20
warn "WARNING: Principal $uid already existed in Kerberos\n";
}
}
my $krb_admin_princ =3D "your admin princ";
my $krb_admin_keytab =3D "your keytab location";
my $uid =3D "your new username";
my $userPassword =3D "your new password";
my $krb5context =3D setup_krb5();
my $kadm5 =3D setup_kadmin( $krb_admin_princ, $krb_admin_keytab );
KERB_add_principal( $kadm5, $uid, $userPassword );
---
On Fri, 2005-04-08 at 14:56 -0400, FM wrote:
> Hello,
> Do you have example to manage kerberos db using perl
> I create a simple test script :
>=20
> $handle =3D=20
> Authen::Krb5::Admin->init_with_password("$ADMINPRINC","$adminpass");
> $kp=3DAuthen::krb5::get_default_realm();
> print $kp;
>=20
> but I received :
> Undefined subroutine &Authen::krb5::get_default_realm
>=20
> I'd like to be able to add principal and change password for existing=20
> users (2 scripts are fine).
>=20
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--=20
Jason T Hardy
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
GnuPG Public Key: http://omega.uta.edu/~jthardy/jthardy.gpg.asc
--=-qTu3MlFIN9eMAATa/rvP
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQBCVuG9tNHMa49nCygRArhkAJ9YN9LKG18IlqRJ6j9H4C0gloO/JgCfX58/
kPPb7KOBI/vQI0iARNDmBAY=
=kolB
-----END PGP SIGNATURE-----
--=-qTu3MlFIN9eMAATa/rvP--
--===============78317446513281719==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============78317446513281719==--