1 package krb5;
4 use strict;
5 use warnings;
7 use Exporter;
8 use GOSA::GosaSupportDaemon;
9 use Authen::Krb5;
10 use Authen::Krb5::Admin qw(:constants);
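# Exporter wiring. Both package variables are declared with `our` so that
# they are valid under the `use strict` this file enables before them.
our @ISA = qw(Exporter);

# Names of the message handlers this module provides. The same list is
# exported to the caller and handed out by get_events().
my @events = (
    "get_events",
    "krb5_list_principals",
    "krb5_list_policies",
    "krb5_get_principal",
    "krb5_create_principal",
    "krb5_modify_principal",
    "krb5_del_principal",
    "krb5_get_policy",
    "krb5_create_policy",
    "krb5_modify_policy",
    "krb5_del_policy",
    "krb5_set_password",
);
our @EXPORT = @events;

BEGIN {}

END {}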
33 ### Start ######################################################################
# Initialise the Kerberos library context and its error tables once, when
# the module is loaded.
Authen::Krb5::init_context();
Authen::Krb5::init_ets();

# kadmin credentials used by every handler in this file. They are filled in
# from the [krb5] section of the daemon configuration file.
# NOTE(review): the admin password is read from that file and then held in
# clear text for the lifetime of the process -- confirm the file is readable
# only by the daemon account.
my $krb_admin;
my $krb_password;

# Layout: section => { parameter => [ reference to target, default value ] }
my %cfg_defaults = (
    "krb5" => {
        "admin"    => [ \$krb_admin,    "" ],
        "password" => [ \$krb_password, "" ],
    },
);
&krb5_read_configfile($main::cfg_file, %cfg_defaults);
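# Load this module's settings from the daemon's INI-style config file.
#
# Arguments:
#   $cfg_file     - path of the config file; may be undef
#   %cfg_defaults - section => { parameter => [ \$target, $default ] }
#
# Each $target is assigned the configured value, or $default when the file
# does not provide one. If the file exists but cannot be read or parsed, the
# failure is logged and every target receives its default; previously that
# path called ->val on an undefined object and aborted the module load.
sub krb5_read_configfile {
    my ($cfg_file, %cfg_defaults) = @_;
    my $cfg;

    if (defined $cfg_file && -s $cfg_file) {
        if (-r $cfg_file) {
            $cfg = Config::IniFiles->new(-file => $cfg_file);
        }
        if (not defined $cfg) {
            &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
        }
    }
    else {
        # Missing or empty file: an empty configuration makes every lookup
        # below fall back to its default.
        $cfg = Config::IniFiles->new();
    }

    foreach my $section (keys %cfg_defaults) {
        foreach my $param (keys %{ $cfg_defaults{$section} }) {
            my ($target_ref, $default) = @{ $cfg_defaults{$section}{$param} };
            ${$target_ref} = defined $cfg
                ? $cfg->val($section, $param, $default)
                : $default;
        }
    }

    return;
}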
# Return a reference to the list of event names this module handles.
sub get_events {
    my $event_list = \@events;
    return $event_list;
}
# Handle "krb5_list_principals": answer with one "principal" element for
# every entry returned by the kadmin server.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; each field is read as element 0 of the
#               array reference stored under its name
# Returns the answer as produced by create_xml_string().
# NOTE(review): no check of the sender's rights is visible in this handler;
# presumably the daemon authenticates callers before dispatch -- verify.
sub krb5_list_principals {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id) =
        map { @{ $msg_hash->{$_} }[0] } qw(header source target session_id);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # A new kadmin session is opened with the configured admin credentials.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my @principals = $kadm5->get_principals();

        # An empty result is reported with the library's error text.
        if (!@principals) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
        foreach my $name (@principals) {
            &add_content2xml_hash($out_hash, "principal", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];
    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
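# Handle "krb5_create_principal": create a new principal and immediately
# replace its placeholder password with random keys.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "principal" is required, and any of mask,
#               attributes, aux_attributes, max_life, max_renewable_life,
#               policy, princ_expire_time and pw_expiration that are present
#               are copied onto the new principal
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
#
# Changes against the earlier version: the missing-principal answer now
# carries forward_to_gosa like every other answer, randkey_principal is only
# attempted after a successful create, and its failure is reported.
# NOTE(review): the attribute values are taken from the message unchecked and
# no sender authorisation is visible here -- presumably enforced by the
# daemon before dispatch; verify.
sub krb5_create_principal {
    my ($msg, $msg_hash) = @_;
    my $header          = @{ $msg_hash->{'header'} }[0];
    my $source          = @{ $msg_hash->{'source'} }[0];
    my $target          = @{ $msg_hash->{'target'} }[0];
    my $session_id      = @{ $msg_hash->{'session_id'} }[0];
    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];

    # Build the answer with target and source swapped.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    if (not defined @{ $msg_hash->{'principal'} }[0]) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name(@{ $msg_hash->{'principal'} }[0]);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        elsif ($kadm5->get_principal($principal)) {
            &add_content2xml_hash($out_hash, "error", "Principal exists");
        }
        else {
            my $princ = Authen::Krb5::Admin::Principal->new;

            # Only this fixed list of setters can be reached from the message.
            foreach my $field ('mask', 'attributes', 'aux_attributes', 'max_life',
                               'max_renewable_life', 'policy', 'princ_expire_time',
                               'pw_expiration') {
                my $value = @{ $msg_hash->{$field} }[0];
                $princ->$field($value) if defined $value;
            }
            $princ->principal($principal);

            # Placeholder password of 256 characters with codes 1..255.
            # Perl's rand() is not a cryptographically secure generator, so
            # this value must not stay the principal's credential; the keys
            # are randomised by the KDC right after creation.
            my $placeholder = join '', map { chr rand(255) + 1 } 1 .. 256;

            if (not $kadm5->create_principal($princ, $placeholder)) {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
            # NOTE(review): assumes randkey_principal yields a true value on
            # success, like the other kadm5 calls in this file -- confirm.
            elsif (not $kadm5->randkey_principal($principal)) {
                # The principal exists but still has the placeholder password.
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}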
# Handle "krb5_modify_principal": apply the attribute fields found in the
# message to an existing principal.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "principal" is required, the optional fields
#               are mask, attributes, aux_attributes, max_life,
#               max_renewable_life, policy, princ_expire_time, pw_expiration
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
# NOTE(review): the field values are applied as received and no sender
# authorisation is visible here -- presumably enforced upstream; verify.
sub krb5_modify_principal {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa) =
        map { @{ $msg_hash->{$_} }[0] }
        qw(header source target session_id forward_to_gosa);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Shared tail of every exit path: optional forward marker, then the
    # serialised answer.
    my $finish = sub {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        return &create_xml_string($out_hash);
    };

    my $requested = @{ $msg_hash->{'principal'} }[0];
    if (not defined $requested) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return $finish->();
    }

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return $finish->();
    }

    my $principal = Authen::Krb5::parse_name($requested);
    if (not defined $principal) {
        &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return $finish->();
    }

    if (not $kadm5->get_principal($principal)) {
        &add_content2xml_hash($out_hash, "error", "Principal does not exists");
        return $finish->();
    }

    # Copy the fields that are present; only this fixed list of setters can
    # be reached from the message.
    my $princ = Authen::Krb5::Admin::Principal->new;
    my @settable = (
        'mask', 'attributes', 'aux_attributes', 'max_life',
        'max_renewable_life', 'policy', 'princ_expire_time', 'pw_expiration',
    );
    foreach my $field (@settable) {
        my $value = @{ $msg_hash->{$field} }[0];
        next if not defined $value;
        $princ->$field($value);
    }
    $princ->principal($principal);

    if (not $kadm5->modify_principal($princ)) {
        &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    return $finish->();
}
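# Handle "krb5_get_principal": answer with the attributes of one principal.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "principal" is required
# Returns the answer as produced by create_xml_string(). On success it
# holds the requested name plus one element per attribute read from the
# principal entry; on failure it holds an "error" element.
#
# A failed lookup now yields only the error element. Before, the code went
# on to call accessors on the undefined result and died.
sub krb5_get_principal {
    my ($msg, $msg_hash) = @_;
    my $header          = @{ $msg_hash->{'header'} }[0];
    my $source          = @{ $msg_hash->{'source'} }[0];
    my $target          = @{ $msg_hash->{'target'} }[0];
    my $session_id      = @{ $msg_hash->{'session_id'} }[0];
    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];

    # Build the answer with target and source swapped.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    if (not defined @{ $msg_hash->{'principal'} }[0]) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name(@{ $msg_hash->{'principal'} }[0]);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        else {
            my $data = $kadm5->get_principal($principal);
            if ($data) {
                &add_content2xml_hash($out_hash, "principal", @{ $msg_hash->{'principal'} }[0]);

                # Element name and accessor name are the same for each field.
                foreach my $field (qw(
                    mask attributes kvno max_life max_renewable_life
                    aux_attributes policy fail_auth_count last_failed
                    last_pwd_change last_success mod_date princ_expire_time
                    pw_expiration
                )) {
                    &add_content2xml_hash($out_hash, $field, $data->$field);
                }
            }
            else {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}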
# Handle "krb5_del_principal": delete the principal named in the message.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "principal" is required
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
# NOTE(review): deletion is carried out with the configured admin
# credentials and no sender authorisation is visible here -- presumably
# enforced by the daemon before dispatch; verify.
sub krb5_del_principal {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa) =
        map { @{ $msg_hash->{$_} }[0] }
        qw(header source target session_id forward_to_gosa);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Refuse a request that names no principal.
    my $requested = @{ $msg_hash->{'principal'} }[0];
    unless (defined $requested) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return &create_xml_string($out_hash);
    }

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my $principal = Authen::Krb5::parse_name($requested);
        if (defined $principal) {
            if (not $kadm5->delete_principal($principal)) {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
        else {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
# Handle "krb5_list_policies": answer with one "policy" element for every
# policy name returned by the kadmin server.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; each field is read as element 0 of the
#               array reference stored under its name
# Returns the answer as produced by create_xml_string().
sub krb5_list_policies {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id) =
        map { @{ $msg_hash->{$_} }[0] } qw(header source target session_id);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        # No error element is written on this path: an empty result simply
        # produces no "policy" elements.
        foreach my $name ($kadm5->get_policies()) {
            &add_content2xml_hash($out_hash, "policy", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];
    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
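# Handle "krb5_get_policy": answer with the settings of one password policy.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "policy" is required
# Returns the answer as produced by create_xml_string(). On success it
# holds one element per policy field; on failure it holds an "error"
# element.
#
# A failed lookup now yields only the error element. Before, the code went
# on to call accessors on the undefined result and died. The unused
# $principal variable was dropped.
sub krb5_get_policy {
    my ($msg, $msg_hash) = @_;
    my $header          = @{ $msg_hash->{'header'} }[0];
    my $source          = @{ $msg_hash->{'source'} }[0];
    my $target          = @{ $msg_hash->{'target'} }[0];
    my $session_id      = @{ $msg_hash->{'session_id'} }[0];
    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];

    # Build the answer with target and source swapped.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    if (not defined @{ $msg_hash->{'policy'} }[0]) {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $data = $kadm5->get_policy(@{ $msg_hash->{'policy'} }[0]);
        if ($data) {
            # Element name and accessor name are the same for each field.
            foreach my $field (qw(
                name mask pw_history_num pw_max_life pw_min_classes
                pw_min_length pw_min_life policy_refcnt
            )) {
                &add_content2xml_hash($out_hash, $field, $data->$field);
            }
        }
        else {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}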
# Handle "krb5_create_policy": create a password policy from the fields in
# the message.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "policy" is required, the optional fields
#               are mask, pw_history_num, pw_max_life, pw_min_classes,
#               pw_min_length and pw_min_life. The hash is modified: the
#               policy name is added to it under "name".
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
# NOTE(review): the existence check uses "policy" while the new policy's
# name is taken from element 0 of "name"; if a message already carries its
# own "name" entry the two may differ, depending on how
# add_content2xml_hash stores values -- verify.
sub krb5_create_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa) =
        map { @{ $msg_hash->{$_} }[0] }
        qw(header source target session_id forward_to_gosa);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Refuse a request that names no policy.
    my $policy_name = @{ $msg_hash->{'policy'} }[0];
    if (not defined $policy_name) {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        return &create_xml_string($out_hash);
    }

    # Make the policy name available to the field-copy loop below.
    &add_content2xml_hash($msg_hash, "name", $policy_name);

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        if ($kadm5->get_policy($policy_name)) {
            &add_content2xml_hash($out_hash, "error", "Policy exists");
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
                if defined $forward_to_gosa;
            return &create_xml_string($out_hash);
        }

        # Copy the fields that are present; only this fixed list of setters
        # can be reached from the message.
        my $pol      = Authen::Krb5::Admin::Policy->new;
        my @settable = (
            'name', 'mask', 'pw_history_num', 'pw_max_life',
            'pw_min_classes', 'pw_min_length', 'pw_min_life',
        );
        foreach my $field (@settable) {
            my $value = @{ $msg_hash->{$field} }[0];
            next if not defined $value;
            $pol->$field($value);
        }

        if (not $kadm5->create_policy($pol)) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    # Serialise in scalar context and hand the string back.
    my $answer = &create_xml_string($out_hash);
    return $answer;
}
# Handle "krb5_modify_policy": apply the fields found in the message to a
# password policy.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "policy" is required, the optional fields
#               are mask, pw_history_num, pw_max_life, pw_min_classes,
#               pw_min_length and pw_min_life. The hash is modified: the
#               policy name is added to it under "name".
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
# NOTE(review): the policy to change is identified by element 0 of "name";
# if a message already carries its own "name" entry it may differ from
# "policy", depending on how add_content2xml_hash stores values -- verify.
sub krb5_modify_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa) =
        map { @{ $msg_hash->{$_} }[0] }
        qw(header source target session_id forward_to_gosa);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Refuse a request that names no policy.
    my $policy_name = @{ $msg_hash->{'policy'} }[0];
    unless (defined $policy_name) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    # Make the policy name available to the field-copy loop below.
    &add_content2xml_hash($msg_hash, "name", $policy_name);

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        # Copy the fields that are present; only this fixed list of setters
        # can be reached from the message.
        my $pol      = Authen::Krb5::Admin::Policy->new;
        my @settable = (
            'name', 'mask', 'pw_history_num', 'pw_max_life',
            'pw_min_classes', 'pw_min_length', 'pw_min_life',
        );
        foreach my $field (@settable) {
            my $value = @{ $msg_hash->{$field} }[0];
            next if not defined $value;
            $pol->$field($value);
        }

        if (not $kadm5->modify_policy($pol)) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    # Serialise in scalar context and hand the string back.
    my $answer = &create_xml_string($out_hash);
    return $answer;
}
# Handle "krb5_del_policy": delete the password policy named in the message.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "policy" is required
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
sub krb5_del_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa) =
        map { @{ $msg_hash->{$_} }[0] }
        qw(header source target session_id forward_to_gosa);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Refuse a request that names no policy.
    unless (defined @{ $msg_hash->{'policy'} }[0]) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    my $kadm5  = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    my $policy = @{ $msg_hash->{'policy'} }[0];
    if (defined $kadm5) {
        if (not $kadm5->delete_policy($policy)) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
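# Handle "krb5_set_password": set a principal's password to the value given
# in the message.
#
# Arguments:
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; "principal" and "password" are required
# Returns the answer as produced by create_xml_string(); failures are
# reported in an "error" element.
#
# When the kadmin connection fails the handler now stops after reporting
# it. Before, it went on to call chpass_principal on the undefined handle
# and died.
# NOTE(review): the new password is taken from the message in clear text;
# confirm that neither the transport nor any logging of $msg exposes it,
# and that the daemon authorises the sender before dispatch.
sub krb5_set_password {
    my ($msg, $msg_hash) = @_;
    my $header          = @{ $msg_hash->{'header'} }[0];
    my $source          = @{ $msg_hash->{'source'} }[0];
    my $target          = @{ $msg_hash->{'target'} }[0];
    my $session_id      = @{ $msg_hash->{'session_id'} }[0];
    my $forward_to_gosa = @{ $msg_hash->{'forward_to_gosa'} }[0];

    # Build the answer with target and source swapped.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    if (not defined @{ $msg_hash->{'principal'} }[0]) {
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return &create_xml_string($out_hash);
    }
    if (not defined @{ $msg_hash->{'password'} }[0]) {
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        &add_content2xml_hash($out_hash, "error", "No password specified");
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name(@{ $msg_hash->{'principal'} }[0]);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        else {
            $kadm5->chpass_principal($principal, @{ $msg_hash->{'password'} }[0])
                or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}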
619 1;