use strict;
no strict 'refs';
-use Heimdal::Kadm5 qw (KRB5_KDB_REQUIRES_PRE_AUTH KADM5_POLICY_NORMAL_MASK
- KRB5_KDB_DISALLOW_ALL_TIX KADM5_POLICY_CLR);
+use Expect ();
+use Date::Parse qw(str2time);
+use Heimdal::Kadm5 qw(KRB5_KDB_REQUIRES_PRE_AUTH KADM5_POLICY_NORMAL_MASK
+ KRB5_KDB_DISALLOW_ALL_TIX KADM5_POLICY_CLR);
use POSIX;
use Time::Seconds;
-use Expect ();
# Disable sending of kadmin's output to our standard output.
$Expect::Log_Stdout = 0;
kadmin disable <user> Disable <user> account
kadmin enable <user> Enable <user> account
kadmin examine <user> Show information for <user>
+ kadmin expiration <user> <date> Set expiration for <user>
kadmin instance check <user> <inst> Whether <user>/<inst> exists
kadmin instance create <user> <inst> <pass> Create <user>/<inst> account
kadmin instance delete <user> <inst> Delete <user>/<inst> account
}
}
+# Change a principal's expiration date using kadmin.
+sub kadmin_expiration {
+ my ($principal, $instance, $expiration) = @_;
+ check_principal ($principal, $instance);
+ kadmiN_config ($instance) or return;
+ $principal = "$principal/$instance" if $instance;
+ my $expires = str2time ($expiration);
+ unless (defined $expires) {
+ warn "error: invalid expiration date $expiration\n";
+ exit 1;
+ }
+
+ my $kadmin = kadmin_handle ($instance);
+ my $data = { $kadmin->getPrincipal ($principal) };
+ if ($@) {
+ warn "error: $@\n";
+ exit 1;
+ } elsif (!defined $data) {
+ warn "error: principal $principal does not exist\n";
+ exit 1;
+ }
+ eval {
+ $data->setPrincExpireTime ($expires);
+ $kadmin->modifyPrincipal ($data);
+ };
+ if ($@) {
+ warn "error: $@\n";
+ exit 1;
+ }
+}
+
# Reset a password via kadmin.
sub kadmin_reset {
my ($principal, $instance, $password) = @_;
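Review bot: In kadmin_expiration the lookup `my $data = { $kadmin->getPrincipal ($principal) };` is not an eval block. In term position the braces build an anonymous hash, so `$data` is always a defined plain hash ref, the `$@` tested on the next line is whatever an earlier eval left behind, and the "does not exist" branch can never run. The later `$data->setPrincExpireTime ($expires)` would then die on an unblessed reference, so the command fails for every principal; the line should read `my $data = eval { $kadmin->getPrincipal ($principal) };`. Separately, `kadmiN_config ($instance) or return;` has a capital N; unless a sub with that spelling exists outside the hunk, this dies at run time with an undefined-subroutine error, and `kadmin_config` is presumably what was meant. A comment above `str2time` would also help, stating that a date without a zone is read in the server's local time zone and that a date in the past expires the principal at once.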
($princ, $inst) = split ('/', $princ);
examine_principal ($princ, $inst);
+} elsif ($cmd eq 'expiration') {
+
+ my $princ = shift or die "error: missing principal\n";
+ my $expiration = shift or die "error: missing expiration date\n";
+
+ kadmin_expiration ($princ, '', $expiration);
+
} elsif ($cmd eq 'help') {
print $HELP;
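Review bot: The `expiration` branch takes exactly one argument for the date with `my $expiration = shift or die ...` and never checks for leftovers. A date the caller passes as several words (for example a date followed by a time) would be cut to its first word, and if that still parses, a different expiration than requested is set without any error. Rejecting extra arguments after the two shifts, or joining the remaining arguments into one string before calling `kadmin_expiration`, would make that visible. The `elsif` chain starts and continues outside the hunk, so whether other commands already do this is not visible here.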
B<kadmin-backend> (delete | disable | enable | examine) I<user>
+B<kadmin-backend> expiration I<user> I<date>
+
B<kadmin-backend> (reset_passwd | reset) I<user> I<password>
B<kadmin-backend> instance check I<user> I<instance>
the result of B<kadmin getprinc>. A line of 40 dashes separates the first
from the second if AFS kaserver support is configured.
+The C<expiration> function changes the expiration date of a principal.
+This is not propagated into an AFS kaserver or into Active Directory.
+
The C<help> function prints out a summary of supported functions and their
arguments.