|
|
 |
LXIII. KADM5
Перечисленные ниже константы определены данным расширением и могут быть
доступны только в том случае, если PHP был собран с
поддержкой этого расширения или же в том случае, если
данное расширение подгружается во время выполнения.
The functions kadm5_create_principal(),
kadm5_modify_principal(), and
kadm5_modify_principal() allow to specify
special attributes using a bitfield. The symbols are defined below:
Таблица 1. Attributes for use by the KDC | constant |
|---|
| KRB5_KDB_DISALLOW_POSTDATED | | KRB5_KDB_DISALLOW_FORWARDABLE | | KRB5_KDB_DISALLOW_TGT_BASED | | KRB5_KDB_DISALLOW_RENEWABLE | | KRB5_KDB_DISALLOW_PROXIABLE | | KRB5_KDB_DISALLOW_DUP_SKEY | | KRB5_KDB_DISALLOW_ALL_TIX | | KRB5_KDB_REQUIRES_PRE_AUTH | | KRB5_KDB_REQUIRES_HW_AUTH | | KRB5_KDB_REQUIRES_PWCHANGE | | KRB5_KDB_DISALLOW_SVR | | KRB5_KDB_PWCHANGE_SERVER | | KRB5_KDB_SUPPORT_DESMD5 | | KRB5_KDB_NEW_PRINC |
The functions kadm5_create_principal(),
kadm5_modify_principal(), and
kadm5_get_principal() allow to specify or return
principal's options as an associative array. The keys for the associative
array are defined as string constants below:
Таблица 2. Options for creating/modifying/retrieving principals | constant | funcdef | description |
|---|
| KADM5_PRINCIPAL | long | The expire time of the princial as a Kerberos timestamp. | | KADM5_PRINC_EXPIRE_TIME | long | The expire time of the princial as a Kerberos timestamp. | | KADM5_LAST_PW_CHANGE | long | The time this principal's password was last changed. | | KADM5_PW_EXPIRATION | long |
The expire time of the principal's current password, as a Kerberos
timestamp.
| | KADM5_MAX_LIFE | long |
The maximum lifetime of any Kerberos ticket issued to this principal.
| | KADM5_MAX_RLIFE | long |
The maximum renewable lifetime of any Kerberos ticket issued to or
for this principal.
| | KADM5_MOD_NAME | string |
The name of the Kerberos principal that most recently modified this
principal.
| | KADM5_MOD_TIME | long |
The time this principal was last modified, as a Kerberos timestamp.
| | KADM5_KVNO | long | The version of the principal's current key. | | KADM5_POLICY | string | The name of the policy controlling this principal. | | KADM5_CLEARPOLICY | long |
Standard procedure is to assign the 'default' policy to new
principals. KADM5_CLEARPOLICY suppresses this behaviour.
| | KADM5_LAST_SUCCESS | long | The KDC time of the last successfull AS_REQ. | | KADM5_LAST_FAILED | long | The KDC time of the last failed AS_REQ. | | KADM5_FAIL_AUTH_COUNT | long | The number of consecutive failed AS_REQs. | | KADM5_RANDKEY | long |
Generates a random password for the principal. The parameter
password will be ignored.
| | KADM5_ATTRIBUTES | long | A bitfield of attributes for use by the KDC. |
This simple example shows how to connect, query, print
resulting principals and disconnect from a KADM5 database.
Пример 1. KADM5 extension overview example |
<?php
$handle = kadm5_init_with_password("afs-1", "GONICUS.LOCAL", "admin/admin", "password");
print "<h1>get_principals</h1>\n";
$principals = kadm5_get_principals($handle);
for( $i=0; $i<count($principals); $i++)
print "$principals[$i]<br>\n";
print "<h1>get_policies</h1>\n";
$policies = kadm5_get_policies($handle);
for( $i=0; $i<count($policies); $i++)
print "$policies[$i]<br>\n";
print "<h1>get_principal burbach@GONICUS.LOCAL</h1>\n";
$options = kadm5_get_principal($handle, "burbach@GONICUS.LOCAL" );
$keys = array_keys($options);
for( $i=0; $i<count($keys); $i++) {
$value = $options[$keys[$i]];
print "$keys[$i]: $value<br>\n";
}
$options = array(KADM5_PRINC_EXPIRE_TIME => 0);
kadm5_modify_principal($handle, "burbach@GONICUS.LOCAL", $options);
kadm5_destroy($handle);
?>
|
|
KADM5
There are no user contributed notes for this page.
| |
java_last_exception_get