Retrieve the Kerberos database entry for the given principal. The result
will be an Authen::Kerberos::Kadmin::Entry object.
+=item modify(ENTRY)
+
+Given an Authen::Kerberos::Kadmin::Entry object, write any changes in that
+object back to the Kerberos KDC database. Only those fields that have
+been modified via the Authen::Kerberos::Kadmin::Entry object methods will
+be written back, and all modified fields will be written.
+
=back
=head1 AUTHOR
* principal, and the mask, which stores which parameters we modified.
*/
typedef struct {
- void *handle;
+ SV *handle;
SV *ctx;
uint32_t mask;
kadm5_principal_ent_t ent;
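Review bot: The struct comment does not say who owns `handle` now that it is an `SV *` rather than a raw `void *`. If the field is meant to keep the parent Authen::Kerberos::Kadmin object alive for as long as the entry exists, the entry has to take a counted reference when it is built and release it in its destructor; neither is visible in this hunk, so that is worth confirming to rule out a dangling handle. A suggested addition to the comment is `handle is a reference to the owning Kadmin object, held so the kadm5 handle outlives this entry`. The opening lines of the comment are outside the hunk.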
code = kadm5_get_principal(self->handle, princ, ent, mask);
krb5_free_principal(ctx, princ);
if (code != 0)
- krb5_croak(ctx, code, "kadm5_get_principal", TRUE);
+ krb5_croak(ctx, code, "kadm5_get_principal", FALSE);
/* Build our internal representation. */
entry = calloc(1, sizeof(*entry));
RETVAL
+void
+modify(self, entry)
+ Authen::Kerberos::Kadmin self
+ Authen::Kerberos::Kadmin::Entry entry
+ PREINIT:
+ void *handle;
+ krb5_context ctx;
+ krb5_error_code code;
+ CODE:
+{
+ CROAK_NULL_SELF(self, "Authen::Kerberos::Kadmin", "modify");
+ CROAK_NULL(entry, "Authen::Kerberos::Kadmin::Entry",
+ "Authen::Kerberos::Kadmin::modify");
+ ctx = krb5_context_from_sv(self->ctx, "Authen::Kerberos::Kadmin");
+ code = kadm5_modify_principal(self->handle, entry->ent, entry->mask);
+ if (code != 0)
+ krb5_croak(ctx, code, "kadm5_modify_principal", FALSE);
+ XSRETURN_YES;
+}
+
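Review bot: `entry->mask` stays set after a successful `kadm5_modify_principal`, so a second modify() with the same object sends the earlier fields again and may overwrite a change made to the principal in between. Since the struct comment describes the mask as recording which parameters were modified, consider clearing it on success with `entry->mask = 0;` before `XSRETURN_YES`, or documenting that an entry should be fetched again after modify(). Separately, the `void *handle;` declared in PREINIT is never used, because the call reads `self->handle` directly, and can be dropped.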
MODULE = Authen::Kerberos::Kadmin PACKAGE = Authen::Kerberos::Kadmin::Entry
krb5_timestamp
-password_expiration(self)
+password_expiration(self, expiration = 0)
Authen::Kerberos::Kadmin::Entry self
+ krb5_timestamp expiration
CODE:
{
CROAK_NULL_SELF(self, "Authen::Kerberos::Kadmin::Entry",
"password_expiration");
+ if (items > 1) {
+ self->ent->pw_expiration = expiration;
+ self->mask |= KADM5_PW_EXPIRATION;
+ }
RETVAL = self->ent->pw_expiration;
}
OUTPUT:
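Review bot: The setter stores `expiration` with no range check, and `0` is the value this API documents as "no password expiration set". A call such as `password_expiration(undef)`, or one with an uninitialised variable, would therefore silently queue removal of the expiration, depending on how the typemap converts the argument to `krb5_timestamp`; values that do not fit the timestamp type raise the same concern. Because this is a password-policy control, it may be worth rejecting undefined or negative input, or at least documenting that `0` clears the expiration. A suggested comment above the `if (items > 1)` block is `/* A value of 0 clears the expiration; callers must pass a defined time. */`.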
=head1 INSTANCE METHODS
+Many of these methods either return information from the Kerberos KDC
+database (KDB) entry or set data if an argument to the method was given.
+Any changes made this way only appear in the local object, not in the
+actual KDC database, until this object is stored back in the database using
+the modify() method of the Authen::Kerberos::Kadmin object. That's also
+when most errors will be reported. When this object is passed to
+modify(), everything that was updated in the object will be written to the
+KDC database at the same time.
+
As with all Authen::Kerberos methods, an Authen::Kerberos::Exception
object will be thrown on any Kerberos error.
=over 4
-=item last_password_change
+=item last_password_change()
Returns the last password change time for this database entry in seconds
since UNIX epoch, or C<0> if there is no password change information
available.
-=item password_expiration
+=item password_expiration([TIME])
Returns the password expiration time for this database entry in seconds
since UNIX epoch, or C<0> if this principal does not have a password
-expiration set.
+expiration set. If the TIME argument is given, sets the password
+expiration time to TIME, which is in the same format, and returns the
+value that was set.
=back
use File::Copy qw(copy);
-use Test::More tests => 14;
+use Test::More tests => 18;
BEGIN {
use_ok('Authen::Kerberos::Kadmin');
$entry = $kadmin->get('test@TEST.EXAMPLE.COM');
ok(time - $entry->last_password_change < 10, 'Last password change updated');
+# Set the password expiration for this entry and confirm that it changed.
+my $expires = time + 10;
+is($entry->password_expiration($expires),
+ $expires, 'Setting password expiration returns the correct value');
+ok(eval { $kadmin->modify($entry) }, 'Modify password expiration');
+is($@, q{}, '...with no exception');
+$entry = $kadmin->get('test@TEST.EXAMPLE.COM');
+is($entry->password_expiration, $expires, '...and expiration changed');
+
# Test password change to something that should be rejected by the password
# quality check.
ok(