in reply to Re^2: Change a user's Kerberos Password?
in thread Change a user's Kerberos Password?

Does anyone know how to to get Authen::Krb5::Admin->init_with_password to work with something besides the default realm?

I tried:

my $MSAD_HOST = "AD domain controller";
my $MSAD_DOMAIN = "AD domain"

Authen::Krb5::init_context() or die $@;
  
my $krb5conf = Authen::Krb5::Admin::Config->new();
$krb5conf->admin_server($MSAD_HOST);
$krb5conf->realm($MSAD_DOMAIN);

my $kadm5 = Authen::Krb5::Admin->init_with_password($user,
     $oldpw,
     KADM5_CHANGEPW_SERVICE,
     $krb5conf) or die $@;

[download]

The above always dies whe I try the init_with_password().

I can change the password using kpasswd:

$ kpasswd sptester@DOMAIN.NET

So I am guessing there is something wrong with my syntax.

Replies are listed 'Best First'.
Re^4: Change a user's Kerberos Password?
by 5mi11er (Deacon) on Jul 08, 2009 at 15:45 UTC
    Well, what I did, because I needed to talk to two different AD domains, was to create two krb5.conf files.

    Example: Two companies, two domains, call them ZAY and BXC. First configure your krb5.conf file for connecting to the ZAY domain. Once you're able to kinit and net join to that domain, copy the krb5.conf to zay-krb5.conf.

    Next, configure the krb5.conf file to connect to the BXC domain. Once you're able to kinit and net join to that domain, copy the krb5.conf to bxc-krb5.conf.

    Once you know which domain you want to talk to, lets assume zay for this example, do this: 

    export KRB5_CONFIG='zay-krb5.conf'; perl <script name>

    [download]
    -Scott
[reply]
[d/l]

In Section Seekers of Perl Wisdom