1 package krb5;
4 use strict;
5 use warnings;
7 use Authen::Krb5;
8 use Authen::Krb5::Admin qw(:constants);
9 use GOsaSI::GosaSupportDaemon;
11 use Exporter;
our @ISA = qw(Exporter);

# Message types handled by this module. Every name is also a sub in this
# package and is exported through @EXPORT below.
my @events = qw(
    get_events
    krb5_list_principals
    krb5_list_policies
    krb5_get_principal
    krb5_create_principal
    krb5_modify_principal
    krb5_del_principal
    krb5_get_policy
    krb5_create_policy
    krb5_modify_policy
    krb5_del_policy
    krb5_set_password
);

our @EXPORT = @events;

BEGIN { }

END { }

### Start ######################################################################

# One-time Kerberos library setup, performed when the module is loaded.
Authen::Krb5::init_context();
Authen::Krb5::init_ets();

# kadmin credentials, filled in from the "krb5" section of the configuration
# file. Both values stay in memory for the life of the process and are reused
# by every handler below to open a kadmin session.
my $krb_admin;
my $krb_password;

# section => { parameter => [ reference to the variable to fill, default ] }
my %cfg_defaults = (
    krb5 => {
        admin    => [ \$krb_admin,    "" ],
        password => [ \$krb_password, "" ],
    },
);

# why not using the main::read_configfile, the code seems exactly the same
krb5_read_configfile($main::cfg_file, %cfg_defaults);
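# Load this module's settings from an INI file into the caller's variables.
#
#   $cfg_file     - path of the configuration file; may be undef
#   %cfg_defaults - section => { parameter => [ \$variable, $default ] }
#
# Every referenced variable receives the configured value, or its default when
# the parameter is absent. If the file is non-empty but cannot be read or
# parsed, the error is logged and the defaults are applied; the original went
# on to call ->val on an undefined config object and died.
#
# The defaults passed at module load include the kadmin password, so the
# configuration file should be readable only by the account running the daemon.
sub krb5_read_configfile {
    my ($cfg_file, %cfg_defaults) = @_;
    my $cfg;

    # -s is false for a missing or empty file, which avoids comparing undef
    # with 0 under "use warnings".
    if (defined $cfg_file && -s $cfg_file) {
        if (-r $cfg_file) {
            $cfg = Config::IniFiles->new(-file => $cfg_file);
        }
        if (not defined $cfg) {
            &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
        }
    }
    else {
        $cfg = Config::IniFiles->new();
    }

    foreach my $section (keys %cfg_defaults) {
        foreach my $param (keys %{ $cfg_defaults{$section} }) {
            my ($var_ref, $default) = @{ $cfg_defaults{$section}{$param} };
            if (defined $cfg) {
                ${$var_ref} = $cfg->val($section, $param, $default);
            }
            else {
                # No usable config object: fall back to the declared default.
                ${$var_ref} = $default;
            }
        }
    }

    return;
}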
# Return a reference to this module's list of handled event names. The
# reference points at the module's own array, not at a copy.
sub get_events {
    my $event_names = \@events;
    return $event_names;
}
# Handle a "krb5_list_principals" message: fetch all principals from kadmin
# and return them in an "answer_<header>" message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read
#
# Returns the answer as produced by create_xml_string().
sub krb5_list_principals {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id)
        = map { $msg_hash->{$_}[0] } qw(header source target session_id);
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Each request opens its own kadmin session with the configured credentials.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my @principals = $kadm5->get_principals();

        # An empty result is reported together with the library's error text.
        if (!@principals) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
        foreach my $name (@principals) {
            &add_content2xml_hash($out_hash, "principal", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}
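# Handle a "krb5_create_principal" message: create a new principal with the
# attributes given in the message and a randomised key.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'principal' is required; 'mask',
#               'attributes', 'aux_attributes', 'max_life',
#               'max_renewable_life', 'policy', 'princ_expire_time' and
#               'pw_expiration' are copied onto the new principal when present.
#
# Returns the "answer_<header>" message built by create_xml_string(). Failures
# are reported in an "error" element.
sub krb5_create_principal {
    my ($msg, $msg_hash) = @_;
    my $header          = $msg_hash->{'header'}[0];
    my $source          = $msg_hash->{'source'}[0];
    my $target          = $msg_hash->{'target'}[0];
    my $session_id      = $msg_hash->{'session_id'}[0];
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    my $principal_name = $msg_hash->{'principal'}[0];
    if (not defined $principal_name) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");

        # The other handlers echo forward_to_gosa on this path as well.
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name($principal_name);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        elsif ($kadm5->get_principal($principal)) {
            &add_content2xml_hash($out_hash, "error", "Principal exists");
        }
        else {
            my $princ = Authen::Krb5::Admin::Principal->new;
            foreach my $field ('mask', 'attributes', 'aux_attributes', 'max_life',
                               'max_renewable_life', 'policy', 'princ_expire_time',
                               'pw_expiration') {
                my $value = $msg_hash->{$field}[0];
                if (defined $value) {
                    $princ->$field($value);
                }
            }
            $princ->principal($principal);

            # Throw-away initial password, replaced by randkey_principal below.
            # The original "chr rand(255) + 1" parsed as "chr(rand(255)) + 1",
            # which numifies the character and yields an almost constant
            # string, so a failed randkey left a guessable password behind.
            my $temp_password = '';
            if (open(my $urandom, '<', '/dev/urandom')) {
                binmode($urandom);
                my $bytes = '';
                if (read($urandom, $bytes, 256)) {
                    # Drop NUL bytes; presumably the library treats the
                    # password as a C string - confirm.
                    $bytes =~ tr/\0//d;
                    $temp_password = $bytes;
                }
                close($urandom);
            }
            if (length($temp_password) < 128) {
                # Fallback when the system source is unavailable. rand() is
                # not a cryptographic generator.
                $temp_password = join '', map { chr(1 + int(rand(255))) } 1 .. 256;
            }

            if ($kadm5->create_principal($princ, $temp_password)) {
                # Directly randomize key. A failure here leaves the principal
                # with the temporary password, so it must be reported.
                $kadm5->randkey_principal($principal)
                    or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
            else {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    # return message
    return &create_xml_string($out_hash);
}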
# Handle a "krb5_modify_principal" message: apply the attributes given in the
# message to an existing principal.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'principal' is required.
#
# Returns the "answer_<header>" message built by create_xml_string().
sub krb5_modify_principal {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa)
        = map { $msg_hash->{$_}[0] }
          qw(header source target session_id forward_to_gosa);

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    my $principal_name = $msg_hash->{'principal'}[0];
    if (defined $principal_name) {
        # A kadmin session is opened only once the request names a principal.
        my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
        my $principal;
        if (defined $kadm5) {
            $principal = Authen::Krb5::parse_name($principal_name);
        }

        if (not defined $kadm5) {
            &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        }
        elsif (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        elsif (not $kadm5->get_principal($principal)) {
            &add_content2xml_hash($out_hash, "error", "Principal does not exists");
        }
        else {
            # Copy every attribute present in the message onto a fresh
            # principal record; the setter shares the attribute's name.
            my $princ = Authen::Krb5::Admin::Principal->new;
            my @attribute_names = qw(
                mask attributes aux_attributes max_life max_renewable_life
                policy princ_expire_time pw_expiration
            );
            foreach my $attribute (@attribute_names) {
                my $value = $msg_hash->{$attribute}[0];
                next if not defined $value;
                $princ->$attribute($value);
            }

            $princ->principal($principal);
            unless ($kadm5->modify_principal($princ)) {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
    }

    # Every path ends the same way: echo forward_to_gosa, then serialise.
    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}
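# Handle a "krb5_get_principal" message: look up one principal and return its
# attributes in an "answer_<header>" message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'principal' is required.
#
# Returns the answer built by create_xml_string(). When the lookup fails, only
# an "error" element is added; the original went on to call accessors on the
# undefined result and died.
sub krb5_get_principal {
    my ($msg, $msg_hash) = @_;
    my $header          = $msg_hash->{'header'}[0];
    my $source          = $msg_hash->{'source'}[0];
    my $target          = $msg_hash->{'target'}[0];
    my $session_id      = $msg_hash->{'session_id'}[0];
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    my $principal_name = $msg_hash->{'principal'}[0];
    if (not defined $principal_name) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name($principal_name);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        else {
            my $data = $kadm5->get_principal($principal);
            if (not $data) {
                # Lookup failed (for example an unknown principal).
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
            else {
                &add_content2xml_hash($out_hash, "principal", $principal_name);

                # Each element is named after the accessor it is read from.
                foreach my $field ('mask', 'attributes', 'kvno', 'max_life',
                                   'max_renewable_life', 'aux_attributes', 'policy',
                                   'fail_auth_count', 'last_failed', 'last_pwd_change',
                                   'last_success', 'mod_date', 'princ_expire_time',
                                   'pw_expiration') {
                    &add_content2xml_hash($out_hash, $field, $data->$field);
                }
            }
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    # return message
    return &create_xml_string($out_hash);
}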
# Handle a "krb5_del_principal" message: delete the named principal.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'principal' is required.
#
# Returns the "answer_<header>" message built by create_xml_string().
sub krb5_del_principal {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa)
        = map { $msg_hash->{$_}[0] }
          qw(header source target session_id forward_to_gosa);

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Reject requests without a principal. On this path forward_to_gosa is
    # added before the error element.
    my $principal_name = $msg_hash->{'principal'}[0];
    unless (defined $principal_name) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return &create_xml_string($out_hash);
    }

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my $principal = Authen::Krb5::parse_name($principal_name);
        if (defined $principal) {
            unless ($kadm5->delete_principal($principal)) {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
        else {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
# Handle a "krb5_list_policies" message: fetch all policy names from kadmin
# and return them in an "answer_<header>" message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read
#
# Returns the answer as produced by create_xml_string(). An empty result adds
# no "error" element.
sub krb5_list_policies {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id)
        = map { $msg_hash->{$_}[0] } qw(header source target session_id);
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Each request opens its own kadmin session with the configured credentials.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my @policies = $kadm5->get_policies();
        foreach my $name (@policies) {
            &add_content2xml_hash($out_hash, "policy", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}
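# Handle a "krb5_get_policy" message: look up one password policy and return
# its settings in an "answer_<header>" message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'policy' is required.
#
# Returns the answer built by create_xml_string(). When the lookup fails, only
# an "error" element is added; the original went on to call accessors on the
# undefined result and died.
sub krb5_get_policy {
    my ($msg, $msg_hash) = @_;
    my $header          = $msg_hash->{'header'}[0];
    my $source          = $msg_hash->{'source'}[0];
    my $target          = $msg_hash->{'target'}[0];
    my $session_id      = $msg_hash->{'session_id'}[0];
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    my $policy_name = $msg_hash->{'policy'}[0];
    if (not defined $policy_name) {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $data = $kadm5->get_policy($policy_name);
        if (not $data) {
            # Lookup failed (for example an unknown policy).
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
        else {
            # Each element is named after the accessor it is read from.
            foreach my $field ('name', 'mask', 'pw_history_num', 'pw_max_life',
                               'pw_min_classes', 'pw_min_length', 'pw_min_life',
                               'policy_refcnt') {
                &add_content2xml_hash($out_hash, $field, $data->$field);
            }
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    # return message
    return &create_xml_string($out_hash);
}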
# Handle a "krb5_create_policy" message: create a password policy from the
# settings given in the message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'policy' is required. The hash is
#               modified: the policy name is added under 'name'.
#
# Returns the "answer_<header>" message built by create_xml_string().
sub krb5_create_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa)
        = map { $msg_hash->{$_}[0] }
          qw(header source target session_id forward_to_gosa);

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    my $policy_name = $msg_hash->{'policy'}[0];
    if (defined $policy_name) {
        # NOTE(review): the name is added to the incoming message so the loop
        # below can treat it like any other field. If the message already
        # carries its own 'name', the policy created may presumably differ
        # from the one checked for existence - confirm against
        # add_content2xml_hash.
        &add_content2xml_hash($msg_hash, "name", $policy_name);

        my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
        if (not defined $kadm5) {
            &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        }
        elsif ($kadm5->get_policy($policy_name)) {
            &add_content2xml_hash($out_hash, "error", "Policy exists");
        }
        else {
            # Copy every setting present in the message onto a fresh policy
            # record; the setter shares the setting's name.
            my $pol = Authen::Krb5::Admin::Policy->new;
            my @setting_names = qw(
                name mask pw_history_num pw_max_life pw_min_classes
                pw_min_length pw_min_life
            );
            foreach my $setting (@setting_names) {
                my $value = $msg_hash->{$setting}[0];
                next if not defined $value;
                $pol->$setting($value);
            }

            unless ($kadm5->create_policy($pol)) {
                &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
            }
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
    }

    # Every path ends the same way: echo forward_to_gosa, then serialise.
    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    return &create_xml_string($out_hash);
}
# Handle a "krb5_modify_policy" message: apply the settings given in the
# message to a password policy.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'policy' is required. The hash is
#               modified: the policy name is added under 'name'.
#
# Returns the "answer_<header>" message built by create_xml_string().
sub krb5_modify_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa)
        = map { $msg_hash->{$_}[0] }
          qw(header source target session_id forward_to_gosa);

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Reject requests without a policy. On this path forward_to_gosa is added
    # before the error element.
    my $policy_name = $msg_hash->{'policy'}[0];
    unless (defined $policy_name) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    # NOTE(review): the name is added to the incoming message so the loop
    # below can treat it like any other field. If the message already carries
    # its own 'name', the policy modified may presumably differ from the one
    # named in 'policy' - confirm against add_content2xml_hash.
    &add_content2xml_hash($msg_hash, "name", $policy_name);

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        # Copy every setting present in the message onto a fresh policy
        # record; the setter shares the setting's name.
        my $pol = Authen::Krb5::Admin::Policy->new;
        my @setting_names = qw(
            name mask pw_history_num pw_max_life pw_min_classes
            pw_min_length pw_min_life
        );
        foreach my $setting (@setting_names) {
            my $value = $msg_hash->{$setting}[0];
            next if not defined $value;
            $pol->$setting($value);
        }

        unless ($kadm5->modify_policy($pol)) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
# Handle a "krb5_del_policy" message: delete the named password policy.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'policy' is required.
#
# Returns the "answer_<header>" message built by create_xml_string().
sub krb5_del_policy {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id, $forward_to_gosa)
        = map { $msg_hash->{$_}[0] }
          qw(header source target session_id forward_to_gosa);

    # The reply travels back to the sender, so target and source swap places.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Reject requests without a policy. On this path forward_to_gosa is added
    # before the error element.
    my $policy = $msg_hash->{'policy'}[0];
    unless (defined $policy) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
            if defined $forward_to_gosa;
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        unless ($kadm5->delete_policy($policy)) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa)
        if defined $forward_to_gosa;

    return &create_xml_string($out_hash);
}
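# Handle a "krb5_set_password" message: set a principal's password to the
# value carried in the message.
#
#   $msg      - raw message (not used here)
#   $msg_hash - parsed message; every key maps to an array ref and only the
#               first element is read. 'principal' and 'password' are
#               required. The password is passed to kadmin as received.
#
# Returns the "answer_<header>" message built by create_xml_string(). If the
# kadmin session cannot be opened, only the connection error is reported; the
# original fell through and called chpass_principal on the undefined handle.
sub krb5_set_password {
    my ($msg, $msg_hash) = @_;
    my $header          = $msg_hash->{'header'}[0];
    my $source          = $msg_hash->{'source'}[0];
    my $target          = $msg_hash->{'target'}[0];
    my $session_id      = $msg_hash->{'session_id'}[0];
    my $forward_to_gosa = $msg_hash->{'forward_to_gosa'}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check: both fields are required. On these paths forward_to_gosa
    # is added before the error element.
    foreach my $required ('principal', 'password') {
        next if defined $msg_hash->{$required}[0];
        if (defined $forward_to_gosa) {
            &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
        }
        &add_content2xml_hash($out_hash, "error", "No $required specified");
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }
    else {
        my $principal = Authen::Krb5::parse_name($msg_hash->{'principal'}[0]);
        if (not defined $principal) {
            &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        }
        else {
            $kadm5->chpass_principal($principal, $msg_hash->{'password'}[0])
                or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        }
    }

    if (defined $forward_to_gosa) {
        &add_content2xml_hash($out_hash, "forward_to_gosa", $forward_to_gosa);
    }

    # return message
    return &create_xml_string($out_hash);
}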
623 1;