search

rjancewicz / python-kadmin

Python module for kerberos admin (kadm5)
MIT License
35 stars 40 forks source link

Access/modify attributes of principal #44

Open ehashman opened 8 years ago

ehashman commented 8 years ago

It would be cool if I could use this library to modify the "Attributes" field of principals; for instance, to set +needchange on user principals to expire passwords rather than hard-expiring them with a date.

Interface could look something like

>>> princ.attributes
['REQUIRES_PRE_AUTH']
>>> princ.attributes.append('REQUIRES_PWCHANGE')
>>> princ.attributes
['REQUIRES_PRE_AUTH', 'REQUIRES_PWCHANGE']

corresponding to

kadmin: getprinc foobar
Principal: foobar@REALM.CORP
...
Attributes: REQUIRES_PRE_AUTH REQUIRES_PWCHANGE
kadmin: modprinc +needchange foobar
Principal "foobar@REALM.CORP" modified.

in kadmin.

I could write a pull request if someone were to point me in the right direction re: docs, etc.

ghost commented 8 years ago

This functionality exists, it's just not documented...

princ.set_flags(kadmin.REQUIRES_PWCHANGE) princ.commit()

(Also princ.unset_flags)

ehashman commented 8 years ago

It exists, but the code hasn't been fleshed out (there are still comments floating around) and the interface could be more user-friendly. If I have time I plan on fixing this up and writing some docs.