PHP: kadm5 - Manual
json_encodeKADM5
简介
These package allows you to access Kerberos V administration servers. You can create, modify, and delete Kerberos V principals and policies.
More information about Kerberos can be found at » http://web.mit.edu/kerberos/www/.
Documentation for Kerberos and KADM5 can be found at » http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin_toc.html.
资源类型
This extension defines a KADM5 handle returned by kadm5_init_with_password().
预定义常量
以下常量由本扩展模块定义,因此只有在本扩展模块被编译到 PHP 中,或者在运行时被动态加载后才有效。
Constants for Attribute Flags
The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_modify_principal() allow to specify special attributes using a bitfield. The symbols are defined below:
| constant |
|---|
| KRB5_KDB_DISALLOW_POSTDATED |
| KRB5_KDB_DISALLOW_FORWARDABLE |
| KRB5_KDB_DISALLOW_TGT_BASED |
| KRB5_KDB_DISALLOW_RENEWABLE |
| KRB5_KDB_DISALLOW_PROXIABLE |
| KRB5_KDB_DISALLOW_DUP_SKEY |
| KRB5_KDB_DISALLOW_ALL_TIX |
| KRB5_KDB_REQUIRES_PRE_AUTH |
| KRB5_KDB_REQUIRES_HW_AUTH |
| KRB5_KDB_REQUIRES_PWCHANGE |
| KRB5_KDB_DISALLOW_SVR |
| KRB5_KDB_PWCHANGE_SERVER |
| KRB5_KDB_SUPPORT_DESMD5 |
| KRB5_KDB_NEW_PRINC |
Constants for Options
The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_get_principal() allow to specify or return principal's options as an associative array. The keys for the associative array are defined as string constants below:
| constant | funcdef | description |
|---|---|---|
| KADM5_PRINCIPAL | long | The expire time of the princial as a Kerberos timestamp. |
| KADM5_PRINC_EXPIRE_TIME | long | The expire time of the princial as a Kerberos timestamp. |
| KADM5_LAST_PW_CHANGE | long | The time this principal's password was last changed. |
| KADM5_PW_EXPIRATION | long | The expire time of the principal's current password, as a Kerberos timestamp. |
| KADM5_MAX_LIFE | long | The maximum lifetime of any Kerberos ticket issued to this principal. |
| KADM5_MAX_RLIFE | long | The maximum renewable lifetime of any Kerberos ticket issued to or for this principal. |
| KADM5_MOD_NAME | string | The name of the Kerberos principal that most recently modified this principal. |
| KADM5_MOD_TIME | long | The time this principal was last modified, as a Kerberos timestamp. |
| KADM5_KVNO | long | The version of the principal's current key. |
| KADM5_POLICY | string | The name of the policy controlling this principal. |
| KADM5_CLEARPOLICY | long | Standard procedure is to assign the 'default' policy to new principals. KADM5_CLEARPOLICY suppresses this behaviour. |
| KADM5_LAST_SUCCESS | long | The KDC time of the last successfull AS_REQ. |
| KADM5_LAST_FAILED | long | The KDC time of the last failed AS_REQ. |
| KADM5_FAIL_AUTH_COUNT | long | The number of consecutive failed AS_REQs. |
| KADM5_RANDKEY | long | Generates a random password for the principal. The parameter password will be ignored. |
| KADM5_ATTRIBUTES | long | A bitfield of attributes for use by the KDC. |
范例
This simple example shows how to connect, query, print resulting principals and disconnect from a KADM5 database.
Example#1 KADM5 extension overview example
<?php
$handle = kadm5_init_with_password ( "afs-1" , "GONICUS.LOCAL" , "admin/admin" , "password" );
print "<h1>get_principals</h1>\n" ;
$principals = kadm5_get_principals ( $handle );
for( $i = 0 ; $i < count ( $principals ); $i ++)
print "$principals[$i]<br>\n" ;
print "<h1>get_policies</h1>\n" ;
$policies = kadm5_get_policies ( $handle );
for( $i = 0 ; $i < count ( $policies ); $i ++)
print "$policies[$i]<br>\n" ;
print "<h1>get_principal burbach@GONICUS.LOCAL</h1>\n" ;
$options = kadm5_get_principal ( $handle , "burbach@GONICUS.LOCAL" );
$keys = array_keys ( $options );
for( $i = 0 ; $i < count ( $keys ); $i ++) {
$value = $options [ $keys [ $i ]];
print "$keys[$i]: $value<br>\n" ;
}
$options = array( KADM5_PRINC_EXPIRE_TIME => 0 );
kadm5_modify_principal ( $handle , "burbach@GONICUS.LOCAL" , $options );
kadm5_destroy ( $handle );
?> Contact Information
If you have comments, bugfixes, enhancements or want to help in developing this you can send me a mail at » holger.burbach@gonicus.de. The project homepage can be found at » http://oss.gonicus.de/project/?group_id=7.
Table of Contents
- kadm5_chpass_principal — Changes the principal's password
- kadm5_create_principal — Creates a kerberos principal with the given parameters
- kadm5_delete_principal — Deletes a kerberos principal
- kadm5_destroy — Closes the connection to the admin server and releases all related resources
- kadm5_flush — Flush all changes to the Kerberos database, leaving the connection to the Kerberos admin server open
- kadm5_get_policies — Gets all policies from the Kerberos database
- kadm5_get_principal — Gets the principal's entries from the Kerberos database
- kadm5_get_principals — Gets all principals from the Kerberos database
- kadm5_init_with_password — Opens a connection to the KADM5 library and initializes any neccessary state information
- kadm5_modify_principal — Modifies a kerberos principal with the given parameters
© 2005-2008 BlaBla.cn 版权所有