Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : KADM5

KADM5

Introduction

These package allows you to access Kerberos V administration servers. You can create, modify, and delete Kerberos V principals and policies.

More information about Kerberos can be found at » http://web.mit.edu/kerberos/www/.

Documentation for Kerberos and KADM5 can be found at » http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin_toc.php.

Resource Types

This extension defines a KADM5 handle returned by kadm5_init_with_password().

Predefined Constants

The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.

Constants for Attribute Flags

The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_modify_principal() allow to specify special attributes using a bitfield. The symbols are defined below:

Table 153. Attributes for use by the KDC

constant
KRB5_KDB_DISALLOW_POSTDATED
KRB5_KDB_DISALLOW_FORWARDABLE
KRB5_KDB_DISALLOW_TGT_BASED
KRB5_KDB_DISALLOW_RENEWABLE
KRB5_KDB_DISALLOW_PROXIABLE
KRB5_KDB_DISALLOW_DUP_SKEY
KRB5_KDB_DISALLOW_ALL_TIX
KRB5_KDB_REQUIRES_PRE_AUTH
KRB5_KDB_REQUIRES_HW_AUTH
KRB5_KDB_REQUIRES_PWCHANGE
KRB5_KDB_DISALLOW_SVR
KRB5_KDB_PWCHANGE_SERVER
KRB5_KDB_SUPPORT_DESMD5
KRB5_KDB_NEW_PRINC


Constants for Options

The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_get_principal() allow to specify or return principal's options as an associative array. The keys for the associative array are defined as string constants below:

Table 154. Options for creating/modifying/retrieving principals

constant funcdef description
KADM5_PRINCIPAL long The expire time of the princial as a Kerberos timestamp.
KADM5_PRINC_EXPIRE_TIME long The expire time of the princial as a Kerberos timestamp.
KADM5_LAST_PW_CHANGE long The time this principal's password was last changed.
KADM5_PW_EXPIRATION long The expire time of the principal's current password, as a Kerberos timestamp.
KADM5_MAX_LIFE long The maximum lifetime of any Kerberos ticket issued to this principal.
KADM5_MAX_RLIFE long The maximum renewable lifetime of any Kerberos ticket issued to or for this principal.
KADM5_MOD_NAME string The name of the Kerberos principal that most recently modified this principal.
KADM5_MOD_TIME long The time this principal was last modified, as a Kerberos timestamp.
KADM5_KVNO long The version of the principal's current key.
KADM5_POLICY string The name of the policy controlling this principal.
KADM5_CLEARPOLICY long Standard procedure is to assign the 'default' policy to new principals. KADM5_CLEARPOLICY suppresses this behaviour.
KADM5_LAST_SUCCESS long The KDC time of the last successfull AS_REQ.
KADM5_LAST_FAILED long The KDC time of the last failed AS_REQ.
KADM5_FAIL_AUTH_COUNT long The number of consecutive failed AS_REQs.
KADM5_RANDKEY long Generates a random password for the principal. The parameter password will be ignored.
KADM5_ATTRIBUTES long A bitfield of attributes for use by the KDC.


Examples

This simple example shows how to connect, query, print resulting principals and disconnect from a KADM5 database.

Example 1100. KADM5 extension overview example

<?php

 $handle
= kadm5_init_with_password("afs-1", "GONICUS.LOCAL", "admin/admin", "password");

 print
"<h1>get_principals</h1>\n";
 
$principals = kadm5_get_principals($handle);
 for(
$i=0; $i<count($principals); $i++)
     print
"$principals[$i]<br>\n";

 print
"<h1>get_policies</h1>\n";
 
$policies = kadm5_get_policies($handle);
 for(
$i=0; $i<count($policies); $i++)
     print
"$policies[$i]<br>\n";

 print
"<h1>get_principal burbach@GONICUS.LOCAL</h1>\n";

 
$options = kadm5_get_principal($handle, "burbach@GONICUS.LOCAL" );
 
$keys = array_keys($options);
 for(
$i=0; $i<count($keys); $i++) {
   
$value = $options[$keys[$i]];
   print
"$keys[$i]: $value<br>\n";
 }

 
$options = array(KADM5_PRINC_EXPIRE_TIME => 0);
 
kadm5_modify_principal($handle, "burbach@GONICUS.LOCAL", $options);

 
kadm5_destroy($handle);
?>


Contact Information

If you have comments, bugfixes, enhancements or want to help in developing this you can send me a mail at » holger.burbach@gonicus.de. The project homepage can be found at » http://oss.gonicus.de/project/?group_id=7.

Table of Contents

kadm5_chpass_principal — Changes the principal's password
kadm5_create_principal — Creates a kerberos principal with the given parameters
kadm5_delete_principal — Deletes a kerberos principal
kadm5_destroy — Closes the connection to the admin server and releases all related resources
kadm5_flush — Flush all changes to the Kerberos database, leaving the connection to the Kerberos admin server open
kadm5_get_policies — Gets all policies from the Kerberos database
kadm5_get_principal — Gets the principal's entries from the Kerberos database
kadm5_get_principals — Gets all principals from the Kerberos database
kadm5_init_with_password — Opens a connection to the KADM5 library and initializes any neccessary state information
kadm5_modify_principal — Modifies a kerberos principal with the given parameters

Change Language


Follow Navioo On Twitter
.NET Functions
Apache-specific Functions
Alternative PHP Cache
Advanced PHP debugger
Array Functions
Aspell functions [deprecated]
BBCode Functions
BCMath Arbitrary Precision Mathematics Functions
PHP bytecode Compiler
Bzip2 Compression Functions
Calendar Functions
CCVS API Functions [deprecated]
Class/Object Functions
Classkit Functions
ClibPDF Functions [deprecated]
COM and .Net (Windows)
Crack Functions
Character Type Functions
CURL
Cybercash Payment Functions
Credit Mutuel CyberMUT functions
Cyrus IMAP administration Functions
Date and Time Functions
DB++ Functions
Database (dbm-style) Abstraction Layer Functions
dBase Functions
DBM Functions [deprecated]
dbx Functions
Direct IO Functions
Directory Functions
DOM Functions
DOM XML Functions
enchant Functions
Error Handling and Logging Functions
Exif Functions
Expect Functions
File Alteration Monitor Functions
Forms Data Format Functions
Fileinfo Functions
filePro Functions
Filesystem Functions
Filter Functions
Firebird/InterBase Functions
Firebird/Interbase Functions (PDO_FIREBIRD)
FriBiDi Functions
FrontBase Functions
FTP Functions
Function Handling Functions
GeoIP Functions
Gettext Functions
GMP Functions
gnupg Functions
Net_Gopher
Haru PDF Functions
hash Functions
HTTP
Hyperwave Functions
Hyperwave API Functions
i18n Functions
IBM Functions (PDO_IBM)
IBM DB2
iconv Functions
ID3 Functions
IIS Administration Functions
Image Functions
Imagick Image Library
IMAP
Informix Functions
Informix Functions (PDO_INFORMIX)
Ingres II Functions
IRC Gateway Functions
PHP / Java Integration
JSON Functions
KADM5
LDAP Functions
libxml Functions
Lotus Notes Functions
LZF Functions
Mail Functions
Mailparse Functions
Mathematical Functions
MaxDB PHP Extension
MCAL Functions
Mcrypt Encryption Functions
MCVE (Monetra) Payment Functions
Memcache Functions
Mhash Functions
Mimetype Functions
Ming functions for Flash
Miscellaneous Functions
mnoGoSearch Functions
Microsoft SQL Server Functions
Microsoft SQL Server and Sybase Functions (PDO_DBLIB)
Mohawk Software Session Handler Functions
mSQL Functions
Multibyte String Functions
muscat Functions
MySQL Functions
MySQL Functions (PDO_MYSQL)
MySQL Improved Extension
Ncurses Terminal Screen Control Functions
Network Functions
Newt Functions
NSAPI-specific Functions
Object Aggregation/Composition Functions
Object property and method call overloading
Oracle Functions
ODBC Functions (Unified)
ODBC and DB2 Functions (PDO_ODBC)
oggvorbis
OpenAL Audio Bindings
OpenSSL Functions
Oracle Functions [deprecated]
Oracle Functions (PDO_OCI)
Output Control Functions
Ovrimos SQL Functions
Paradox File Access
Parsekit Functions
Process Control Functions
Regular Expression Functions (Perl-Compatible)
PDF Functions
PDO Functions
Phar archive stream and classes
PHP Options&Information
POSIX Functions
Regular Expression Functions (POSIX Extended)
PostgreSQL Functions
PostgreSQL Functions (PDO_PGSQL)
Printer Functions
Program Execution Functions
PostScript document creation
Pspell Functions
qtdom Functions
Radius
Rar Functions
GNU Readline
GNU Recode Functions
RPM Header Reading Functions
runkit Functions
SAM - Simple Asynchronous Messaging
Satellite CORBA client extension [deprecated]
SCA Functions
SDO Functions
SDO XML Data Access Service Functions
SDO Relational Data Access Service Functions
Semaphore
SESAM Database Functions
PostgreSQL Session Save Handler
Session Handling Functions
Shared Memory Functions
SimpleXML functions
SNMP Functions
SOAP Functions
Socket Functions
Standard PHP Library (SPL) Functions
SQLite Functions
SQLite Functions (PDO_SQLITE)
Secure Shell2 Functions
Statistics Functions
Stream Functions
String Functions
Subversion Functions
Shockwave Flash Functions
Swish Functions
Sybase Functions
TCP Wrappers Functions
Tidy Functions
Tokenizer Functions
Unicode Functions
URL Functions
Variable Handling Functions
Verisign Payflow Pro Functions
vpopmail Functions
W32api Functions
WDDX Functions
win32ps Functions
win32service Functions
xattr Functions
xdiff Functions
XML Parser Functions
XML-RPC Functions
XMLReader functions
XMLWriter Functions
XSL functions
XSLT Functions
YAZ Functions
YP/NIS Functions
Zip File Functions
Zlib Compression Functions
eXTReMe Tracker