LXIX. KADM5
The constants below are defined by this extension, and
will only be available when the extension has either
been compiled into PHP or dynamically loaded at runtime.
The functions kadm5_create_principal() and
kadm5_modify_principal() allow special attributes to be
specified using a bitfield. The symbols are defined below:
Table 1. Attributes for use by the KDC

| constant |
|---|
| KRB5_KDB_DISALLOW_POSTDATED |
| KRB5_KDB_DISALLOW_FORWARDABLE |
| KRB5_KDB_DISALLOW_TGT_BASED |
| KRB5_KDB_DISALLOW_RENEWABLE |
| KRB5_KDB_DISALLOW_PROXIABLE |
| KRB5_KDB_DISALLOW_DUP_SKEY |
| KRB5_KDB_DISALLOW_ALL_TIX |
| KRB5_KDB_REQUIRES_PRE_AUTH |
| KRB5_KDB_REQUIRES_HW_AUTH |
| KRB5_KDB_REQUIRES_PWCHANGE |
| KRB5_KDB_DISALLOW_SVR |
| KRB5_KDB_PWCHANGE_SERVER |
| KRB5_KDB_SUPPORT_DESMD5 |
| KRB5_KDB_NEW_PRINC |

The functions kadm5_create_principal(),
kadm5_modify_principal(), and
kadm5_get_principal() take or return a
principal's options as an associative array. The keys of the associative
array are defined as string constants below:
Table 2. Options for creating/modifying/retrieving principals

| constant | funcdef | description |
|---|---|---|
| KADM5_PRINCIPAL | long | The expire time of the principal as a Kerberos timestamp. |
| KADM5_PRINC_EXPIRE_TIME | long | The expire time of the principal as a Kerberos timestamp. |
| KADM5_LAST_PW_CHANGE | long | The time this principal's password was last changed. |
| KADM5_PW_EXPIRATION | long | The expire time of the principal's current password, as a Kerberos timestamp. |
| KADM5_MAX_LIFE | long | The maximum lifetime of any Kerberos ticket issued to this principal. |
| KADM5_MAX_RLIFE | long | The maximum renewable lifetime of any Kerberos ticket issued to or for this principal. |
| KADM5_MOD_NAME | string | The name of the Kerberos principal that most recently modified this principal. |
| KADM5_MOD_TIME | long | The time this principal was last modified, as a Kerberos timestamp. |
| KADM5_KVNO | long | The version of the principal's current key. |
| KADM5_POLICY | string | The name of the policy controlling this principal. |
| KADM5_CLEARPOLICY | long | Standard procedure is to assign the 'default' policy to new principals. KADM5_CLEARPOLICY suppresses this behaviour. |
| KADM5_LAST_SUCCESS | long | The KDC time of the last successful AS_REQ. |
| KADM5_LAST_FAILED | long | The KDC time of the last failed AS_REQ. |
| KADM5_FAIL_AUTH_COUNT | long | The number of consecutive failed AS_REQs. |
| KADM5_RANDKEY | long | Generates a random password for the principal. The parameter password will be ignored. |
| KADM5_ATTRIBUTES | long | A bitfield of attributes for use by the KDC. |

This simple example shows how to connect to a KADM5 database, query it,
print the resulting principals and disconnect.

Example 1. KADM5 extension overview example

```php
<?php
// Connect to the admin server; the call returns false on failure.
$handle = kadm5_init_with_password("afs-1", "GONICUS.LOCAL", "admin/admin", "password");
if ($handle === false) {
    exit("Could not connect to the KADM5 server\n");
}

// List all principals. Escape values before writing them into HTML.
print "<h1>get_principals</h1>\n";
foreach (kadm5_get_principals($handle) as $principal) {
    print htmlspecialchars($principal) . "<br>\n";
}

// List all policies.
print "<h1>get_policies</h1>\n";
foreach (kadm5_get_policies($handle) as $policy) {
    print htmlspecialchars($policy) . "<br>\n";
}

// Print every option of a single principal.
print "<h1>get_principal burbach@GONICUS.LOCAL</h1>\n";
$options = kadm5_get_principal($handle, "burbach@GONICUS.LOCAL");
foreach ($options as $key => $value) {
    print htmlspecialchars("$key: $value") . "<br>\n";
}

// Set the principal's expire time to 0.
$options = array(KADM5_PRINC_EXPIRE_TIME => 0);
kadm5_modify_principal($handle, "burbach@GONICUS.LOCAL", $options);

// Release the connection.
kadm5_destroy($handle);
?>
```
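
The attribute bitfield from Table 1 is read and written through the KADM5_ATTRIBUTES option. The following added example (not part of the PHP manual) checks whether a principal has KRB5_KDB_REQUIRES_PRE_AUTH set and, if not, ORs it into the existing bits so no other attribute is lost. It assumes the kadm5 extension is loaded; the environment variable names KADM5_ADMIN_PRINC and KADM5_ADMIN_PASS and the helper functions are hypothetical, and the server, realm and principal are the sample values used above.

```php
<?php
// Added example, not from the PHP manual. Requires the kadm5 extension.
if (!extension_loaded('kadm5')) {
    exit("kadm5 extension not loaded\n");
}
// Subset of the Table 1 constants that this check reports on.
const ATTRIBUTE_NAMES = [
    'KRB5_KDB_DISALLOW_FORWARDABLE', 'KRB5_KDB_DISALLOW_PROXIABLE',
    'KRB5_KDB_DISALLOW_ALL_TIX', 'KRB5_KDB_REQUIRES_PRE_AUTH',
    'KRB5_KDB_REQUIRES_HW_AUTH', 'KRB5_KDB_REQUIRES_PWCHANGE',
];

// Decode a KADM5_ATTRIBUTES bitfield into the names of the bits that are set.
function decode_attributes(int $bits): array
{
    return array_values(array_filter(
        ATTRIBUTE_NAMES,
        fn(string $name): bool => ($bits & constant($name)) !== 0
    ));
}

// Ensure the bits in $required are set; true if already set or updated.
function require_attributes($handle, string $principal, int $required): bool
{
    $current = kadm5_get_principal($handle, $principal);
    if (!is_array($current)) {
        return false;
    }
    $bits = (int) $current[KADM5_ATTRIBUTES];
    if (($bits & $required) === $required) {
        return true; // nothing to change
    }
    // OR the new bits in: assigning $required alone would drop other flags.
    return kadm5_modify_principal($handle, $principal, [KADM5_ATTRIBUTES => $bits | $required]);
}

// Hypothetical environment variables keep the admin password out of the source.
$handle = kadm5_init_with_password('afs-1', 'GONICUS.LOCAL',
    getenv('KADM5_ADMIN_PRINC'), getenv('KADM5_ADMIN_PASS'));
if ($handle === false) {
    exit("kadm5 login failed\n");
}
$princ = 'burbach@GONICUS.LOCAL';
$ok = require_attributes($handle, $princ, KRB5_KDB_REQUIRES_PRE_AUTH);
$after = kadm5_get_principal($handle, $princ);
$bits = is_array($after) ? (int) $after[KADM5_ATTRIBUTES] : 0;
echo $princ, ': ', implode(' | ', decode_attributes($bits)), $ok ? "\n" : " (update failed)\n";
kadm5_destroy($handle);
```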