So I appear to be getting a TGT
---- cut here ----
#!/usr/bin/atperl
use Authen::Krb5;
use Data::Dumper;
my $adServer = 'kserver.mydomain.com';
my $ldapPort = '389';
my $ldapVersion = '3';
my $ldapBindDN = '[EMAIL PROTECTED]';
my $ldapBindPW = '[EMAIL PROTECTED]';
# init
my $k5ctx = Authen::Krb5::init_context() || die $!;
Authen::Krb5::init_ets();
my $cc = Authen::Krb5::cc_default();
# setup principals
my $cp_str = '[EMAIL PROTECTED]';
my $client_principal = Authen::Krb5::parse_name($cp_str) || die
Authen::Krb5::error();
my $sp_string = 'krbtgt/[EMAIL PROTECTED]';
my $server_principal = Authen::Krb5::parse_name($sp_string) || die
Authen::Krb5::error();
# puts the tgt in $cc
Authen::Krb5::get_in_tkt_with_password($client_principal, $server_principal,
$ldapBindPW, undef) || die Authen::Krb5::error();
---- cut here ----
It looked like doing a Authen::Krb5::change_password() looked like the easiest
way to determine is I could
get a servicre ticket is doing a change_password(), but I get this error:
---- cut here ----
$newPassword = '[EMAIL PROTECTED]';
Authen::Krb5::change_password($cc, $client_principal, $ldapBindPW, $newPass) ||
die Authen::Krb5::error();
---- cut here ----
but I appear to be missing something:
---- cut here ----
Requested effective lifetime is negative or too short at ./test.pl line 36.
---- cut here ----
Can anyone suggest where I might look for more guidance on this, I tried google
for a little while but didn't find much.
TIA
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
