10 #define P1 "Enter new password: "
11 #define P2 "Enter it again: "
16 void get_name_from_passwd_file(program_name, kcontext, me)
18 krb5_context kcontext;
23 if (pw = getpwuid((int) getuid())) {
24 if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) {
25 com_err (program_name, code, "when parsing name %s", pw->pw_name);
29 fprintf(stderr, "Unable to identify user from password file\n");
33 #else /* HAVE_PWD_H */
34 void get_name_from_passwd_file(kcontext, me)
35 krb5_context kcontext;
38 fprintf(stderr, "Unable to identify user\n");
41 #endif /* HAVE_PWD_H */
43 int main(int argc, char *argv[])
50 krb5_get_init_creds_opt opts;
55 krb5_auth_context auth_context;
58 krb5_data chpw_req, chpw_rep;
60 krb5_data result_code_string, result_string;
63 fprintf(stderr, "usage: %s [principal]\n", argv[0]);
69 if (ret = krb5_init_context(&context)) {
70 com_err(argv[0], ret, "initializing kerberos library");
75 krb5_init_ets(context);
78 /* in order, use the first of:
79 - a name specified on the command line
80 - the principal name from an existing ccache
81 - the name corresponding to the ruid of the process
83 otherwise, it's an error.
87 if (ret = krb5_parse_name(context, pname, &princ)) {
88 com_err(argv[0], ret, "parsing client name");
91 } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
93 com_err(argv[0], ret, "opening default ccache");
97 if (ret = krb5_cc_get_principal(context, ccache, &princ)) {
98 com_err(argv[0], ret, "getting principal from ccache");
102 if (ret = krb5_cc_close(context, ccache)) {
103 com_err(argv[0], ret, "closing ccache");
107 get_name_from_passwd_file(argv[0], context, &princ);
110 krb5_get_init_creds_opt_init(&opts);
111 krb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
112 krb5_get_init_creds_opt_set_renew_life(&opts, 0);
113 krb5_get_init_creds_opt_set_forwardable(&opts, 0);
114 krb5_get_init_creds_opt_set_proxiable(&opts, 0);
116 if (ret = krb5_get_init_creds_password(context, &creds, princ, NULL,
117 krb5_prompter_posix, NULL,
118 0, "kadmin/changepw", &opts)) {
119 if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
121 "Password incorrect while getting initial ticket");
123 com_err(argv[0], ret, "getting initial ticket");
128 if (ret = krb5_read_password(context, P1, P2, pw, &pwlen)) {
129 com_err(argv[0], ret, "while reading password");
133 if (ret = krb5_change_password(context, &creds, pw,
134 &result_code, &result_code_string,
136 com_err(argv[0], ret, "changing password");
141 printf("%.*s%s%.*s\n",
142 result_code_string.length, result_code_string.data,
143 result_string.length?": ":"",
144 result_string.length, result_string.data);
148 free(result_string.data);
149 free(result_code_string.data);
151 printf("Password changed.\n");