![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 package krb5;
2 use Exporter;
3 @ISA = qw(Exporter);
4 my @events = (
5 "get_events",
6 "krb5_list_principals",
7 "krb5_list_policies",
8 "krb5_get_principal",
9 "krb5_create_principal",
10 "krb5_modify_principal",
11 "krb5_del_principal",
12 "krb5_get_policy",
13 "krb5_create_policy",
14 "krb5_modify_policy",
15 "krb5_del_policy",
16 "krb5_set_password",
17 );
18 @EXPORT = @events;
20 use strict;
21 use warnings;
22 use Data::Dumper;
23 use GOSA::GosaSupportDaemon;
24 use Authen::Krb5;
25 use Authen::Krb5::Admin qw(:constants);
27 BEGIN {}
29 END {}
31 ### Start ######################################################################
33 Authen::Krb5::init_context;
34 Authen::Krb5::init_ets;
36 my $krb_admin;
37 my $krb_password;
39 my %cfg_defaults = (
40 "krb5" => {
41 "admin" => [\$krb_admin, ""],
42 "password" => [\$krb_password, ""],
43 },
44 );
45 &read_configfile($main::cfg_file, %cfg_defaults);
48 sub read_configfile {
49 my ($cfg_file, %cfg_defaults) = @_;
50 my $cfg;
52 if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
53 if( -r $cfg_file ) {
54 $cfg = Config::IniFiles->new( -file => $cfg_file );
55 } else {
56 &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
57 }
58 } else {
59 $cfg = Config::IniFiles->new() ;
60 }
61 foreach my $section (keys %cfg_defaults) {
62 foreach my $param (keys %{$cfg_defaults{ $section }}) {
63 my $pinfo = $cfg_defaults{ $section }{ $param };
64 ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
65 }
66 }
67 }
70 sub get_events { return \@events; }
73 sub krb5_list_principals {
74 my ($msg, $msg_hash) = @_;
75 my $header = @{$msg_hash->{'header'}}[0];
76 my $source = @{$msg_hash->{'source'}}[0];
77 my $target = @{$msg_hash->{'target'}}[0];
78 my $session_id = @{$msg_hash->{'session_id'}}[0];
80 # build return message with twisted target and source
81 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
82 &add_content2xml_hash($out_hash, "session_id", $session_id);
84 # Authenticate
85 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
86 if (not defined $kadm5){
87 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
88 } else {
89 my @principals= $kadm5->get_principals() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
90 for my $principal (@principals) {
91 &add_content2xml_hash($out_hash, "principal", $principal);
92 }
93 }
95 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
96 if (defined $forward_to_gosa) {
97 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
98 }
100 # return message
101 return &create_xml_string($out_hash);
102 }
105 sub krb5_create_principal {
106 my ($msg, $msg_hash) = @_;
107 my $header = @{$msg_hash->{'header'}}[0];
108 my $source = @{$msg_hash->{'source'}}[0];
109 my $target = @{$msg_hash->{'target'}}[0];
110 my $session_id = @{$msg_hash->{'session_id'}}[0];
111 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
113 # build return message with twisted target and source
114 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
115 &add_content2xml_hash($out_hash, "session_id", $session_id);
117 # Sanity check
118 if (not defined @{$msg_hash->{'principal'}}[0]){
119 &add_content2xml_hash($out_hash, "error", "No principal specified");
120 return &create_xml_string($out_hash);
121 }
123 # Authenticate
124 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
125 my $principal;
126 if (not defined $kadm5){
127 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
128 } else {
129 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
130 if(not defined $principal) {
131 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
132 } else {
133 if ( $kadm5->get_principal($principal)){
134 &add_content2xml_hash($out_hash, "error", "Principal exists");
135 if (defined $forward_to_gosa) {
136 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
137 }
138 return &create_xml_string($out_hash);
139 }
141 my $princ= Authen::Krb5::Admin::Principal->new;
142 foreach ('mask', 'attributes', 'aux_attributes', 'max_life', 'max_renewable_life',
143 'policy', 'princ_expire_time', 'pw_expiration'){
145 if (defined @{$msg_hash->{$_}}[0]){
146 $princ->$_(@{$msg_hash->{$_}}[0]);
147 }
148 }
150 $princ->principal($principal);
151 $kadm5->create_principal($princ, join '', map { chr rand(255) + 1 } 1..256) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
153 # Directly randomize key
154 $kadm5->randkey_principal($principal);
155 }
156 }
158 if (defined $forward_to_gosa) {
159 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
160 }
162 # return message
163 return &create_xml_string($out_hash);
164 }
167 sub krb5_modify_principal {
168 my ($msg, $msg_hash) = @_;
169 my $header = @{$msg_hash->{'header'}}[0];
170 my $source = @{$msg_hash->{'source'}}[0];
171 my $target = @{$msg_hash->{'target'}}[0];
172 my $session_id = @{$msg_hash->{'session_id'}}[0];
173 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
175 # build return message with twisted target and source
176 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
177 &add_content2xml_hash($out_hash, "session_id", $session_id);
179 # Sanity check
180 if (not defined @{$msg_hash->{'principal'}}[0]){
181 &add_content2xml_hash($out_hash, "error", "No principal specified");
182 if (defined $forward_to_gosa) {
183 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
184 }
185 return &create_xml_string($out_hash);
186 }
188 # Authenticate
189 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
190 my $principal;
191 if (not defined $kadm5){
192 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
193 } else {
194 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
195 if(not defined $principal) {
196 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
197 } else {
198 if (not $kadm5->get_principal($principal)){
199 &add_content2xml_hash($out_hash, "error", "Principal does not exists");
200 if (defined $forward_to_gosa) {
201 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
202 }
203 return &create_xml_string($out_hash);
204 }
206 my $princ= Authen::Krb5::Admin::Principal->new;
207 foreach ('mask', 'attributes', 'aux_attributes', 'max_life', 'max_renewable_life',
208 'policy', 'princ_expire_time', 'pw_expiration'){
210 if (defined @{$msg_hash->{$_}}[0]){
211 $princ->$_(@{$msg_hash->{$_}}[0]);
212 }
213 }
215 $princ->principal($principal);
216 $kadm5->modify_principal($princ) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
217 }
218 }
220 if (defined $forward_to_gosa) {
221 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
222 }
224 # return message
225 return &create_xml_string($out_hash);
226 }
229 sub krb5_get_principal {
230 my ($msg, $msg_hash) = @_;
231 my $header = @{$msg_hash->{'header'}}[0];
232 my $source = @{$msg_hash->{'source'}}[0];
233 my $target = @{$msg_hash->{'target'}}[0];
234 my $session_id = @{$msg_hash->{'session_id'}}[0];
235 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
237 # build return message with twisted target and source
238 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
239 &add_content2xml_hash($out_hash, "session_id", $session_id);
241 # Sanity check
242 if (not defined @{$msg_hash->{'principal'}}[0]){
243 &add_content2xml_hash($out_hash, "error", "No principal specified");
244 if (defined $forward_to_gosa) {
245 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
246 }
247 return &create_xml_string($out_hash);
248 }
250 # Authenticate
251 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
252 my $principal;
253 if (not defined $kadm5){
254 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
255 } else {
256 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
257 if(not defined $principal) {
258 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
259 } else {
260 my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
261 &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
262 &add_content2xml_hash($out_hash, "mask", $data->mask);
263 &add_content2xml_hash($out_hash, "attributes", $data->attributes);
264 &add_content2xml_hash($out_hash, "kvno", $data->kvno);
265 &add_content2xml_hash($out_hash, "max_life", $data->max_life);
266 &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
267 &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
268 &add_content2xml_hash($out_hash, "policy", $data->policy);
269 &add_content2xml_hash($out_hash, "fail_auth_count", $data->fail_auth_count);
270 &add_content2xml_hash($out_hash, "last_failed", $data->last_failed);
271 &add_content2xml_hash($out_hash, "last_pwd_change", $data->last_pwd_change);
272 &add_content2xml_hash($out_hash, "last_success", $data->last_success);
273 &add_content2xml_hash($out_hash, "mod_date", $data->mod_date);
274 &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
275 &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
276 }
277 }
279 if (defined $forward_to_gosa) {
280 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
281 }
283 # return message
284 return &create_xml_string($out_hash);
285 }
288 sub krb5_del_principal {
289 my ($msg, $msg_hash) = @_;
290 my $header = @{$msg_hash->{'header'}}[0];
291 my $source = @{$msg_hash->{'source'}}[0];
292 my $target = @{$msg_hash->{'target'}}[0];
293 my $session_id = @{$msg_hash->{'session_id'}}[0];
294 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
296 # build return message with twisted target and source
297 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
298 &add_content2xml_hash($out_hash, "session_id", $session_id);
300 # Sanity check
301 if (not defined @{$msg_hash->{'principal'}}[0]){
302 if (defined $forward_to_gosa) {
303 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
304 }
305 &add_content2xml_hash($out_hash, "error", "No principal specified");
306 return &create_xml_string($out_hash);
307 }
309 # Authenticate
310 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
311 my $principal;
312 if (not defined $kadm5){
313 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
314 } else {
315 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
316 if(not defined $principal) {
317 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
318 } else {
319 $kadm5->delete_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
320 }
321 }
323 if (defined $forward_to_gosa) {
324 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
325 }
327 # return message
328 return &create_xml_string($out_hash);
329 }
332 sub krb5_list_policies {
333 my ($msg, $msg_hash) = @_;
334 my $header = @{$msg_hash->{'header'}}[0];
335 my $source = @{$msg_hash->{'source'}}[0];
336 my $target = @{$msg_hash->{'target'}}[0];
337 my $session_id = @{$msg_hash->{'session_id'}}[0];
339 # build return message with twisted target and source
340 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
341 &add_content2xml_hash($out_hash, "session_id", $session_id);
343 # Authenticate
344 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
345 if (not defined $kadm5){
346 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
347 } else {
348 my @policies= $kadm5->get_policies() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
349 for my $policy (@policies) {
350 &add_content2xml_hash($out_hash, "policy", $policy);
351 }
352 }
354 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
355 if (defined $forward_to_gosa) {
356 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
357 }
359 # return message
360 return &create_xml_string($out_hash);
361 }
364 sub krb5_get_policy {
365 my ($msg, $msg_hash) = @_;
366 my $header = @{$msg_hash->{'header'}}[0];
367 my $source = @{$msg_hash->{'source'}}[0];
368 my $target = @{$msg_hash->{'target'}}[0];
369 my $session_id = @{$msg_hash->{'session_id'}}[0];
370 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
372 # build return message with twisted target and source
373 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
374 &add_content2xml_hash($out_hash, "session_id", $session_id);
376 # Sanity check
377 if (not defined @{$msg_hash->{'policy'}}[0]){
378 &add_content2xml_hash($out_hash, "error", "No policy specified");
379 if (defined $forward_to_gosa) {
380 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
381 }
382 return &create_xml_string($out_hash);
383 }
385 # Authenticate
386 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
387 my $principal;
388 if (not defined $kadm5){
389 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
390 } else {
391 my $data= $kadm5->get_policy(@{$msg_hash->{'policy'}}[0]) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
392 &add_content2xml_hash($out_hash, "name", $data->name);
393 &add_content2xml_hash($out_hash, "mask", $data->mask);
394 &add_content2xml_hash($out_hash, "pw_history_num", $data->pw_history_num);
395 &add_content2xml_hash($out_hash, "pw_max_life", $data->pw_max_life);
396 &add_content2xml_hash($out_hash, "pw_min_classes", $data->pw_min_classes);
397 &add_content2xml_hash($out_hash, "pw_min_length", $data->pw_min_length);
398 &add_content2xml_hash($out_hash, "pw_min_life", $data->pw_min_life);
399 &add_content2xml_hash($out_hash, "policy_refcnt", $data->policy_refcnt);
400 }
402 if (defined $forward_to_gosa) {
403 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
404 }
406 # return message
407 return &create_xml_string($out_hash);
408 }
411 sub krb5_create_policy {
412 my ($msg, $msg_hash) = @_;
413 my $header = @{$msg_hash->{'header'}}[0];
414 my $source = @{$msg_hash->{'source'}}[0];
415 my $target = @{$msg_hash->{'target'}}[0];
416 my $session_id = @{$msg_hash->{'session_id'}}[0];
417 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
419 # Build return message
420 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
421 &add_content2xml_hash($out_hash, "session_id", $session_id);
423 # Sanity check
424 if (not defined @{$msg_hash->{'policy'}}[0]){
425 &add_content2xml_hash($out_hash, "error", "No policy specified");
426 if (defined $forward_to_gosa) {
427 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
428 }
430 return &create_xml_string($out_hash);
431 }
432 &add_content2xml_hash($msg_hash, "name", @{$msg_hash->{'policy'}}[0]);
434 # Authenticate
435 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
436 if (not defined $kadm5){
437 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
438 } else {
439 if ( $kadm5->get_policy(@{$msg_hash->{'policy'}}[0])) {
440 &add_content2xml_hash($out_hash, "error", "Policy exists");
441 if (defined $forward_to_gosa) {
442 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
443 }
444 return &create_xml_string($out_hash);
445 }
447 my $pol = Authen::Krb5::Admin::Policy->new;
449 # Move information from xml message to modifyer
450 foreach ('name', 'mask', 'pw_history_num', 'pw_max_life', 'pw_min_classes',
451 'pw_min_length', 'pw_min_life'){
453 if (defined @{$msg_hash->{$_}}[0]){
454 $pol->$_(@{$msg_hash->{$_}}[0]);
455 }
456 }
458 # Create info
459 $kadm5->create_policy($pol) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
460 }
462 if (defined $forward_to_gosa) {
463 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
464 }
466 # build return message with twisted target and source
467 my $out_msg = &create_xml_string($out_hash);
469 # return message
470 return $out_msg;
471 }
474 sub krb5_modify_policy {
475 my ($msg, $msg_hash) = @_;
476 my $header = @{$msg_hash->{'header'}}[0];
477 my $source = @{$msg_hash->{'source'}}[0];
478 my $target = @{$msg_hash->{'target'}}[0];
479 my $session_id = @{$msg_hash->{'session_id'}}[0];
480 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
482 # Build return message
483 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
484 &add_content2xml_hash($out_hash, "session_id", $session_id);
486 # Sanity check
487 if (not defined @{$msg_hash->{'policy'}}[0]){
488 if (defined $forward_to_gosa) {
489 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
490 }
491 &add_content2xml_hash($out_hash, "error", "No policy specified");
492 return &create_xml_string($out_hash);
493 }
494 &add_content2xml_hash($msg_hash, "name", @{$msg_hash->{'policy'}}[0]);
496 # Authenticate
497 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
498 if (not defined $kadm5){
499 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
500 } else {
501 my $pol = Authen::Krb5::Admin::Policy->new;
503 # Move information from xml message to modifyer
504 foreach ('name', 'mask', 'pw_history_num', 'pw_max_life', 'pw_min_classes',
505 'pw_min_length', 'pw_min_life'){
507 if (defined @{$msg_hash->{$_}}[0]){
508 $pol->$_(@{$msg_hash->{$_}}[0]);
509 }
510 }
512 # Create info
513 $kadm5->modify_policy($pol) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
514 }
516 if (defined $forward_to_gosa) {
517 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
518 }
520 # build return message with twisted target and source
521 my $out_msg = &create_xml_string($out_hash);
523 # return message
524 return $out_msg;
525 }
528 sub krb5_del_policy {
529 my ($msg, $msg_hash) = @_;
530 my $header = @{$msg_hash->{'header'}}[0];
531 my $source = @{$msg_hash->{'source'}}[0];
532 my $target = @{$msg_hash->{'target'}}[0];
533 my $session_id = @{$msg_hash->{'session_id'}}[0];
534 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
536 # build return message with twisted target and source
537 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
538 &add_content2xml_hash($out_hash, "session_id", $session_id);
540 # Sanity check
541 if (not defined @{$msg_hash->{'policy'}}[0]){
542 if (defined $forward_to_gosa) {
543 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
544 }
545 &add_content2xml_hash($out_hash, "error", "No policy specified");
546 return &create_xml_string($out_hash);
547 }
549 # Authenticate
550 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
551 my $policy= @{$msg_hash->{'policy'}}[0];
552 if (not defined $kadm5){
553 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
554 } else {
555 $kadm5->delete_policy($policy) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
556 }
558 if (defined $forward_to_gosa) {
559 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
560 }
562 # return message
563 return &create_xml_string($out_hash);
564 }
566 sub krb5_set_password {
567 my ($msg, $msg_hash) = @_;
568 my $header = @{$msg_hash->{'header'}}[0];
569 my $source = @{$msg_hash->{'source'}}[0];
570 my $target = @{$msg_hash->{'target'}}[0];
571 my $session_id = @{$msg_hash->{'session_id'}}[0];
572 my $forward_to_gosa = @{$msg_hash->{'forward_to_gosa'}}[0];
574 # build return message with twisted target and source
575 my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
576 &add_content2xml_hash($out_hash, "session_id", $session_id);
578 # Sanity check
579 if (not defined @{$msg_hash->{'principal'}}[0]){
580 if (defined $forward_to_gosa) {
581 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
582 }
584 &add_content2xml_hash($out_hash, "error", "No principal specified");
585 return &create_xml_string($out_hash);
586 }
587 if (not defined @{$msg_hash->{'password'}}[0]){
588 if (defined $forward_to_gosa) {
589 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
590 }
592 &add_content2xml_hash($out_hash, "error", "No password specified");
593 return &create_xml_string($out_hash);
594 }
596 # Authenticate
597 my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
598 my $principal;
599 if (not defined $kadm5){
600 &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
601 }
603 $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
604 if(not defined $principal) {
605 &add_content2xml_hash($out_hash, "error", "Illegal principal name");
606 } else {
607 $kadm5->chpass_principal($principal, @{$msg_hash->{'password'}}[0]) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
608 }
610 if (defined $forward_to_gosa) {
611 &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
612 }
614 # return message
615 return &create_xml_string($out_hash);
616 }
617 1;