![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 package krb5;
4 use strict;
5 use warnings;
7 use Exporter;
8 use GOSA::GosaSupportDaemon;
9 use Authen::Krb5;
10 use Authen::Krb5::Admin qw(:constants);
12 our @ISA = qw(Exporter);
14 my @events = (
15 "get_events",
16 "krb5_list_principals",
17 "krb5_list_policies",
18 "krb5_get_principal",
19 "krb5_create_principal",
20 "krb5_modify_principal",
21 "krb5_del_principal",
22 "krb5_get_policy",
23 "krb5_create_policy",
24 "krb5_modify_policy",
25 "krb5_del_policy",
26 "krb5_set_password",
27 );
29 our @EXPORT = @events;
31 BEGIN {}
33 END {}
35 ### Start ######################################################################
37 Authen::Krb5::init_context;
38 Authen::Krb5::init_ets;
40 my $krb_admin;
41 my $krb_password;
43 my %cfg_defaults = (
44 "krb5" => {
45 "admin" => [\$krb_admin, ""],
46 "password" => [\$krb_password, ""],
47 },
48 );
49 &krb5_read_configfile($main::cfg_file, %cfg_defaults);
52 sub krb5_read_configfile {
53 my ($cfg_file, %cfg_defaults) = @_;
54 my $cfg;
56 if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
57 if( -r $cfg_file ) {
58 $cfg = Config::IniFiles->new( -file => $cfg_file );
59 } else {
60 &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
61 }
62 } else {
63 $cfg = Config::IniFiles->new() ;
64 }
65 foreach my $section (keys %cfg_defaults) {
66 foreach my $param (keys %{$cfg_defaults{ $section }}) {
67 my $pinfo = $cfg_defaults{ $section }{ $param };
68 ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
69 }
70 }
71 }
74 sub get_events { return \@events; }
77 sub krb5_list_principals {
78 my ($msg, $msg_hash) = @_;
79 my $header = @{$msg_hash->{'header'}}[0];
80 my $source = @{$msg_hash->{'source'}}[0];
81 my $target = @{$msg_hash->{'target'}}[0];
82 my $session_id = @{$msg_hash->{'session_id'}}[0];
84 # build return message with twisted target and source
85 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
86 &add_content2xml_hash($out_hash, "session_id", $session_id);
88 # Authenticate
89 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
90 if (not defined $kadm5){
91 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
92 } else {
93 my @principals= $kadm5->get_principals() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
94 for my $principal (@principals) {
95 &add_content2xml_hash($out_hash, "principal", $principal);
96 }
97 }
99 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
100 if (defined $forward_to_gosa) {
101 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
102 }
104 # return message
105 return &create_xml_string($out_hash);
106 }
109 sub krb5_create_principal {
110 my ($msg, $msg_hash) = @_;
111 my $header = @{$msg_hash->{'header'}}[0];
112 my $source = @{$msg_hash->{'source'}}[0];
113 my $target = @{$msg_hash->{'target'}}[0];
114 my $session_id = @{$msg_hash->{'session_id'}}[0];
115 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
117 # build return message with twisted target and source
118 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
119 &add_content2xml_hash($out_hash, "session_id", $session_id);
121 # Sanity check
122 if (not defined @{$msg_hash->{'principal'}}[0]){
123 &add_content2xml_hash($out_hash, "error", "No principal specified");
124 return &create_xml_string($out_hash);
125 }
127 # Authenticate
128 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
129 my $principal;
130 if (not defined $kadm5){
131 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
132 } else {
133 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
134 if(not defined $principal) {
135 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
136 } else {
137 if ( $kadm5->get_principal($principal)){
138 &add_content2xml_hash($out_hash, "error", "Principal exists");
139 if (defined $forward_to_gosa) {
140 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
141 }
142 return &create_xml_string($out_hash);
143 }
145 my $princ= Authen::Krb5::Admin::Principal->new;
146 foreach ('mask', 'attributes', 'aux_attributes', 'max_life', 'max_renewable_life',
147 'policy', 'princ_expire_time', 'pw_expiration'){
149 if (defined @{$msg_hash->{$_}}[0]){
150 $princ->$_(@{$msg_hash->{$_}}[0]);
151 }
152 }
154 $princ->principal($principal);
155 $kadm5->create_principal($princ, join '', map { chr rand(255) + 1 } 1..256) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
157 # Directly randomize key
158 $kadm5->randkey_principal($principal);
159 }
160 }
162 if (defined $forward_to_gosa) {
163 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
164 }
166 # return message
167 return &create_xml_string($out_hash);
168 }
171 sub krb5_modify_principal {
172 my ($msg, $msg_hash) = @_;
173 my $header = @{$msg_hash->{'header'}}[0];
174 my $source = @{$msg_hash->{'source'}}[0];
175 my $target = @{$msg_hash->{'target'}}[0];
176 my $session_id = @{$msg_hash->{'session_id'}}[0];
177 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
179 # build return message with twisted target and source
180 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
181 &add_content2xml_hash($out_hash, "session_id", $session_id);
183 # Sanity check
184 if (not defined @{$msg_hash->{'principal'}}[0]){
185 &add_content2xml_hash($out_hash, "error", "No principal specified");
186 if (defined $forward_to_gosa) {
187 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
188 }
189 return &create_xml_string($out_hash);
190 }
192 # Authenticate
193 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
194 my $principal;
195 if (not defined $kadm5){
196 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
197 } else {
198 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
199 if(not defined $principal) {
200 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
201 } else {
202 if (not $kadm5->get_principal($principal)){
203 &add_content2xml_hash($out_hash, "error", "Principal does not exists");
204 if (defined $forward_to_gosa) {
205 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
206 }
207 return &create_xml_string($out_hash);
208 }
210 my $princ= Authen::Krb5::Admin::Principal->new;
211 foreach ('mask', 'attributes', 'aux_attributes', 'max_life', 'max_renewable_life',
212 'policy', 'princ_expire_time', 'pw_expiration'){
214 if (defined @{$msg_hash->{$_}}[0]){
215 $princ->$_(@{$msg_hash->{$_}}[0]);
216 }
217 }
219 $princ->principal($principal);
220 $kadm5->modify_principal($princ) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
221 }
222 }
224 if (defined $forward_to_gosa) {
225 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
226 }
228 # return message
229 return &create_xml_string($out_hash);
230 }
233 sub krb5_get_principal {
234 my ($msg, $msg_hash) = @_;
235 my $header = @{$msg_hash->{'header'}}[0];
236 my $source = @{$msg_hash->{'source'}}[0];
237 my $target = @{$msg_hash->{'target'}}[0];
238 my $session_id = @{$msg_hash->{'session_id'}}[0];
239 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
241 # build return message with twisted target and source
242 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
243 &add_content2xml_hash($out_hash, "session_id", $session_id);
245 # Sanity check
246 if (not defined @{$msg_hash->{'principal'}}[0]){
247 &add_content2xml_hash($out_hash, "error", "No principal specified");
248 if (defined $forward_to_gosa) {
249 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
250 }
251 return &create_xml_string($out_hash);
252 }
254 # Authenticate
255 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
256 my $principal;
257 if (not defined $kadm5){
258 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
259 } else {
260 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
261 if(not defined $principal) {
262 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
263 } else {
264 my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
265 &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
266 &add_content2xml_hash($out_hash, "mask", $data->mask);
267 &add_content2xml_hash($out_hash, "attributes", $data->attributes);
268 &add_content2xml_hash($out_hash, "kvno", $data->kvno);
269 &add_content2xml_hash($out_hash, "max_life", $data->max_life);
270 &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
271 &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
272 &add_content2xml_hash($out_hash, "policy", $data->policy);
273 &add_content2xml_hash($out_hash, "fail_auth_count", $data->fail_auth_count);
274 &add_content2xml_hash($out_hash, "last_failed", $data->last_failed);
275 &add_content2xml_hash($out_hash, "last_pwd_change", $data->last_pwd_change);
276 &add_content2xml_hash($out_hash, "last_success", $data->last_success);
277 &add_content2xml_hash($out_hash, "mod_date", $data->mod_date);
278 &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
279 &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
280 }
281 }
283 if (defined $forward_to_gosa) {
284 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
285 }
287 # return message
288 return &create_xml_string($out_hash);
289 }
292 sub krb5_del_principal {
293 my ($msg, $msg_hash) = @_;
294 my $header = @{$msg_hash->{'header'}}[0];
295 my $source = @{$msg_hash->{'source'}}[0];
296 my $target = @{$msg_hash->{'target'}}[0];
297 my $session_id = @{$msg_hash->{'session_id'}}[0];
298 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
300 # build return message with twisted target and source
301 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
302 &add_content2xml_hash($out_hash, "session_id", $session_id);
304 # Sanity check
305 if (not defined @{$msg_hash->{'principal'}}[0]){
306 if (defined $forward_to_gosa) {
307 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
308 }
309 &add_content2xml_hash($out_hash, "error", "No principal specified");
310 return &create_xml_string($out_hash);
311 }
313 # Authenticate
314 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
315 my $principal;
316 if (not defined $kadm5){
317 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
318 } else {
319 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
320 if(not defined $principal) {
321 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
322 } else {
323 $kadm5->delete_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
324 }
325 }
327 if (defined $forward_to_gosa) {
328 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
329 }
331 # return message
332 return &create_xml_string($out_hash);
333 }
336 sub krb5_list_policies {
337 my ($msg, $msg_hash) = @_;
338 my $header = @{$msg_hash->{'header'}}[0];
339 my $source = @{$msg_hash->{'source'}}[0];
340 my $target = @{$msg_hash->{'target'}}[0];
341 my $session_id = @{$msg_hash->{'session_id'}}[0];
343 # build return message with twisted target and source
344 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
345 &add_content2xml_hash($out_hash, "session_id", $session_id);
347 # Authenticate
348 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
349 if (not defined $kadm5){
350 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
351 } else {
352 my @policies= $kadm5->get_policies(); # or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
353 for my $policy (@policies) {
354 &add_content2xml_hash($out_hash, "policy", $policy);
355 }
356 }
358 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
359 if (defined $forward_to_gosa) {
360 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
361 }
363 # return message
364 return &create_xml_string($out_hash);
365 }
368 sub krb5_get_policy {
369 my ($msg, $msg_hash) = @_;
370 my $header = @{$msg_hash->{'header'}}[0];
371 my $source = @{$msg_hash->{'source'}}[0];
372 my $target = @{$msg_hash->{'target'}}[0];
373 my $session_id = @{$msg_hash->{'session_id'}}[0];
374 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
376 # build return message with twisted target and source
377 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
378 &add_content2xml_hash($out_hash, "session_id", $session_id);
380 # Sanity check
381 if (not defined @{$msg_hash->{'policy'}}[0]){
382 &add_content2xml_hash($out_hash, "error", "No policy specified");
383 if (defined $forward_to_gosa) {
384 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
385 }
386 return &create_xml_string($out_hash);
387 }
389 # Authenticate
390 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
391 my $principal;
392 if (not defined $kadm5){
393 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
394 } else {
395 my $data= $kadm5->get_policy(@{$msg_hash->{'policy'}}[0]) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
396 &add_content2xml_hash($out_hash, "name", $data->name);
397 &add_content2xml_hash($out_hash, "mask", $data->mask);
398 &add_content2xml_hash($out_hash, "pw_history_num", $data->pw_history_num);
399 &add_content2xml_hash($out_hash, "pw_max_life", $data->pw_max_life);
400 &add_content2xml_hash($out_hash, "pw_min_classes", $data->pw_min_classes);
401 &add_content2xml_hash($out_hash, "pw_min_length", $data->pw_min_length);
402 &add_content2xml_hash($out_hash, "pw_min_life", $data->pw_min_life);
403 &add_content2xml_hash($out_hash, "policy_refcnt", $data->policy_refcnt);
404 }
406 if (defined $forward_to_gosa) {
407 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
408 }
410 # return message
411 return &create_xml_string($out_hash);
412 }
415 sub krb5_create_policy {
416 my ($msg, $msg_hash) = @_;
417 my $header = @{$msg_hash->{'header'}}[0];
418 my $source = @{$msg_hash->{'source'}}[0];
419 my $target = @{$msg_hash->{'target'}}[0];
420 my $session_id = @{$msg_hash->{'session_id'}}[0];
421 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
423 # Build return message
424 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
425 &add_content2xml_hash($out_hash, "session_id", $session_id);
427 # Sanity check
428 if (not defined @{$msg_hash->{'policy'}}[0]){
429 &add_content2xml_hash($out_hash, "error", "No policy specified");
430 if (defined $forward_to_gosa) {
431 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
432 }
434 return &create_xml_string($out_hash);
435 }
436 &add_content2xml_hash($msg_hash, "name", @{$msg_hash->{'policy'}}[0]);
438 # Authenticate
439 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
440 if (not defined $kadm5){
441 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
442 } else {
443 if ( $kadm5->get_policy(@{$msg_hash->{'policy'}}[0])) {
444 &add_content2xml_hash($out_hash, "error", "Policy exists");
445 if (defined $forward_to_gosa) {
446 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
447 }
448 return &create_xml_string($out_hash);
449 }
451 my $pol = Authen::Krb5::Admin::Policy->new;
453 # Move information from xml message to modifyer
454 foreach ('name', 'mask', 'pw_history_num', 'pw_max_life', 'pw_min_classes',
455 'pw_min_length', 'pw_min_life'){
457 if (defined @{$msg_hash->{$_}}[0]){
458 $pol->$_(@{$msg_hash->{$_}}[0]);
459 }
460 }
462 # Create info
463 $kadm5->create_policy($pol) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
464 }
466 if (defined $forward_to_gosa) {
467 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
468 }
470 # build return message with twisted target and source
471 my $out_msg = &create_xml_string($out_hash);
473 # return message
474 return $out_msg;
475 }
478 sub krb5_modify_policy {
479 my ($msg, $msg_hash) = @_;
480 my $header = @{$msg_hash->{'header'}}[0];
481 my $source = @{$msg_hash->{'source'}}[0];
482 my $target = @{$msg_hash->{'target'}}[0];
483 my $session_id = @{$msg_hash->{'session_id'}}[0];
484 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
486 # Build return message
487 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
488 &add_content2xml_hash($out_hash, "session_id", $session_id);
490 # Sanity check
491 if (not defined @{$msg_hash->{'policy'}}[0]){
492 if (defined $forward_to_gosa) {
493 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
494 }
495 &add_content2xml_hash($out_hash, "error", "No policy specified");
496 return &create_xml_string($out_hash);
497 }
498 &add_content2xml_hash($msg_hash, "name", @{$msg_hash->{'policy'}}[0]);
500 # Authenticate
501 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
502 if (not defined $kadm5){
503 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
504 } else {
505 my $pol = Authen::Krb5::Admin::Policy->new;
507 # Move information from xml message to modifyer
508 foreach ('name', 'mask', 'pw_history_num', 'pw_max_life', 'pw_min_classes',
509 'pw_min_length', 'pw_min_life'){
511 if (defined @{$msg_hash->{$_}}[0]){
512 $pol->$_(@{$msg_hash->{$_}}[0]);
513 }
514 }
516 # Create info
517 $kadm5->modify_policy($pol) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
518 }
520 if (defined $forward_to_gosa) {
521 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
522 }
524 # build return message with twisted target and source
525 my $out_msg = &create_xml_string($out_hash);
527 # return message
528 return $out_msg;
529 }
532 sub krb5_del_policy {
533 my ($msg, $msg_hash) = @_;
534 my $header = @{$msg_hash->{'header'}}[0];
535 my $source = @{$msg_hash->{'source'}}[0];
536 my $target = @{$msg_hash->{'target'}}[0];
537 my $session_id = @{$msg_hash->{'session_id'}}[0];
538 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
540 # build return message with twisted target and source
541 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
542 &add_content2xml_hash($out_hash, "session_id", $session_id);
544 # Sanity check
545 if (not defined @{$msg_hash->{'policy'}}[0]){
546 if (defined $forward_to_gosa) {
547 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
548 }
549 &add_content2xml_hash($out_hash, "error", "No policy specified");
550 return &create_xml_string($out_hash);
551 }
553 # Authenticate
554 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
555 my $policy= @{$msg_hash->{'policy'}}[0];
556 if (not defined $kadm5){
557 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
558 } else {
559 $kadm5->delete_policy($policy) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
560 }
562 if (defined $forward_to_gosa) {
563 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
564 }
566 # return message
567 return &create_xml_string($out_hash);
568 }
570 sub krb5_set_password {
571 my ($msg, $msg_hash) = @_;
572 my $header = @{$msg_hash->{'header'}}[0];
573 my $source = @{$msg_hash->{'source'}}[0];
574 my $target = @{$msg_hash->{'target'}}[0];
575 my $session_id = @{$msg_hash->{'session_id'}}[0];
576 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
578 # build return message with twisted target and source
579 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
580 &add_content2xml_hash($out_hash, "session_id", $session_id);
582 # Sanity check
583 if (not defined @{$msg_hash->{'principal'}}[0]){
584 if (defined $forward_to_gosa) {
585 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
586 }
588 &add_content2xml_hash($out_hash, "error", "No principal specified");
589 return &create_xml_string($out_hash);
590 }
591 if (not defined @{$msg_hash->{'password'}}[0]){
592 if (defined $forward_to_gosa) {
593 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
594 }
596 &add_content2xml_hash($out_hash, "error", "No password specified");
597 return &create_xml_string($out_hash);
598 }
600 # Authenticate
601 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
602 my $principal;
603 if (not defined $kadm5){
604 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
605 }
607 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
608 if(not defined $principal) {
609 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
610 } else {
611 $kadm5->chpass_principal($principal, @{$msg_hash->{'password'}}[0]) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
612 }
614 if (defined $forward_to_gosa) {
615 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
616 }
618 # return message
619 return &create_xml_string($out_hash);
620 }
621 1;