+Mon Aug 12 20:20:11 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * kadmin.1: Remove rename_principal. Add -maxrenewlife.
+
+ * kadmin.c (kadmin_getprinc): Display the maximum renewable life
+ field.
+ (kadmin_parse_princ_args): Add -maxrenwlife as a settable
+ field.
+
Mon Aug 12 11:47:31 1996 Barry Jaspan <bjaspan@mit.edu>
* kadmin_ct.ct: fix typo in add_principal
-maxlife _maxlife_
maximum ticket life of the principal
+ -maxrenewlife _maxrenewlife_
+ maximum renewable ticket lifetime of the principal
+
-kvno _kvno_
explicity set the key version number. This is not
recommended.
KADM5_UNK_POLICY (policy does not exist)
KADM5_BAD_MASK (shouldn't happen)
-rename_principal [-force] _old_ _new_
- rename the principal _old_ to _new_. Prompts for
- confirmation, unless the "-force" option is given. Requires
- both the "add" and "delete" privileges. Aliased to
- "renprinc".
-
- EXAMPLE
- kadmin: renprinc tlyutest test0
- Are you sure you want to rename the principal
- "tlyutest@ATHENA.MIT.EDU" to
- "test0@ATHENA.MIT.EDU"? (yes/no): yes
- Principal "tlyutest@ATHENA.MIT.EDU" renamed to
- "test0@ATHENA.MIT.EDU".
- Make sure that you have removed "tlyutest@ATHENA.MIT.EDU" from
- all ACLs before reusing.
- kadmin:
-
- ERRORS
- KADM5_AUTH_ADD (requires "add" privilege)
- KADM5_AUTH_DELETE (requires "delete" privilege)
- KADM5_UNK_PRINC (source principal does not exist)
- KADM5_DUP (target principal already exists)
-
change_password [options] _principal_
changes the password of _principal_. Prompts for a new
password if neither -randpass or -pw is specified. Requires
continue;
}
}
+ if (strlen(argv[i]) == 13 &&
+ !strcmp("-maxrenewlife", argv[i])) {
+ if (++i > argc - 2)
+ return -1;
+ else {
+ oprinc->max_renewable_life = get_date(argv[i], NULL) - now;
+ *mask |= KADM5_MAX_RLIFE;
+ continue;
+ }
+ }
if (strlen(argv[i]) == 5 &&
!strcmp("-kvno", argv[i])) {
if (++i > argc - 2)
{
fprintf(stderr, "usage: %s [options] principal\n", func);
fprintf(stderr, "\toptions are:\n");
- fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randpass] [-pw password]\n\t\t[{+|-}attribute]\n");
+ fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randpass] [-pw password]\n\t\t-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
fprintf(stderr, "\tattributes are:\n");
fprintf(stderr, "\t\tallow_tgs_req, allow_tix, needchange, password_changing_service\n");
}
dprinc.pw_expiration ?
strdate(dprinc.pw_expiration) : "[none]");
printf("Maximum ticket life: %s\n", strdur(dprinc.max_life));
+ printf("Maximum renewable life: %s\n", strdur(dprinc.max_renewable_life));
printf("Last modified: by %s\n\ton %s\n",
modcanon, strdate(dprinc.mod_date));
printf("Last successful authentication: %s\n",