oracular (3) Wallet::Kadmin::AD.3pm.gz

NAME

       Wallet::Kadmin::AD - Wallet Kerberos administration API for Active Directory

SYNOPSIS

           my $kadmin = Wallet::Kadmin::AD->new;
           $kadmin->create ('host/foo.example.com');
           my $data = $kadmin->keytab_rekey ('host/foo.example.com');
           $data = $kadmin->keytab ('host/foo.example.com');
           my $exists = $kadmin->exists ('host/oldshell.example.com');
           $kadmin->destroy ('host/oldshell.example.com') if $exists;

DESCRIPTION

       Wallet::Kadmin::AD implements the Wallet::Kadmin API for Active Directory Kerberos, providing an
       interface to create and delete principals and create keytabs.  It provides the API documented in
       Wallet::Kadmin for an Active Directory Kerberos KDC.

       AD Kerberos does not provide any method via msktutil to retrieve a keytab for a principal without
       rekeying it, so the keytab() method (as opposed to keytab_rekey(), which rekeys the principal) is
       implemented using a local keytab cache.

       To use this class, several configuration parameters must be set.  See "KEYTAB OBJECT CONFIGURATION" in
       Wallet::Config for details.

LIMITATIONS

       Currently, this implementation calls an external msktutil program rather than using a native Perl module
       and therefore requires msktutil be installed and parses its output.

SEE ALSO

       msktutil, Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8)

       This module is part of the wallet system.  The current version is available from
       <https://www.eyrie.org/~eagle/software/wallet/>.

AUTHORS

       Bill MacAllister <whm@dropbox.com> and Russ Allbery <eagle@eyrie.org> and Jon Robertson
       <jonrober@stanford.edu>.