Yes, I thought about doing it that way. But I thought I would check if anything that didn't depend on parsing the output of kadmin[.local] was available first.
Thanks! jd On May 25, 2012, at 8:21, Oliver Loch <[email protected]> wrote: > Hi, > > it can be done pretty easy, like this: > > ======== SNIP ======= 8< ============= > > #!/usr/bin/env bash > > # kadmin tool to use > kadmin="/usr/bin/env kadmin.local" > > # local date in seconds since 1970 > ldate="$(date "+%s")" > > # list all principals available > $kadmin -q getprincs | grep -v -E '^Authenticating.*' | while read line; do > > # get the expired date of the principal > expdate="$($kadmin -q "getprinc ${line}" | grep -E '^Expiration > date.*' | awk '{ $1=""; $2="" > ; print $0}')"; > > # if the principal doesn't expire ... > if [[ "$expdate" =~ .*never.* ]]; then > > # output the principal > echo "$line will never expire" > # next round please > continue; > fi > > # transform date to seconds since 1970 > pedate=$(date -d "$expdate" "+%s"); > > # if the principals expire date is less than the local date... > if [ $pedate -lt $ldate ]; then > > # output that the principal is expired > echo "$line is expired on $expdate"; > else > > # output that the principal will expire on $expdate > echo "$line is valid till $expdate"; > fi > done > > =======>8======= SNAP ============== > > You get the idea? > > KR, > > Oliver > > Am 25.05.2012 um 13:01 schrieb John Devitofranceschi: > >> >> Are there any tools that would allow someone to generate reports from the >> KDC (or the local principal file) which answer questions like: >> >> Which principals are expired? >> >> Which principals have expired passwords? >> >> Which principals have passwords that will expire in N days? >> >> Which principals have policy "xyzzy"? >> >> You get the idea... >> >> Any pointers or pointers to pointers appreciated! >> >> jd >> >> >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
