IOPLEX
Communications Software
Plexcel for PHP - Active Directory PHP Integration
plexcel_gen_service_keytab

Synopsis

bool plexcel_gen_service_keytab(resource $px,
        string $acctname,
        string $password,
        string $keytab_path)

Description

The plexcel_gen_service_keytab function creates a keytab file from the supplied account name and password. The first entry of the keytab file will have a principal matching the UPN of the named account. An additional entry will be created for each servicePrincipalName set on the named account. All entries carry the same cryptographic key, which is derived from the supplied password. The current enctype and kvno are extracted from a TGT obtained for the account.

The following output of Heimdal's ktutil command shows the contents of a keytab file created using the plexcel_gen_service_keytab function.

/var/lib/plexcel/plexcel.keytab:

Vno Type              Principal
  5 arcfour-hmac-md5 http_sso_www1@EXAMPLE.COM
  5 arcfour-hmac-md5 HTTP/www1.example.com@EXAMPLE.COM
  5 arcfour-hmac-md5 HTTP/as1.example.com@EXAMPLE.COM
Sample contents of a keytab file created with plexcel_gen_service_keytab
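The listing above is what a correctly generated keytab looks like: the UPN first, one entry per SPN, and a single kvno and enctype throughout. Because a keytab is equivalent to the account's password, it is worth checking a generated file before deploying it. The following Python is an added example, not Plexcel's code or part of the original page: it encodes the keytab file format that ktutil reads (version 0x0502, as written by MIT Kerberos and Heimdal), writes a file with the layout the description specifies, parses it back, prints a ktutil-style listing, and checks the properties a service keytab should have, including that the file is not readable by other users. The principals and the 16-byte key are constructed values; a real arcfour-hmac-md5 key is derived from the account password, which this example does not do.

```python
import os
import struct
import tempfile

# Keytab file format "version 2" (magic 0x0502), shared by MIT Kerberos and Heimdal.
KEYTAB_MAGIC = b"\x05\x02"
NT_PRINCIPAL = 1
ENCTYPE_NAMES = {23: "arcfour-hmac-md5", 17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}


def _counted(data: bytes) -> bytes:
    """Counted octet string: 16-bit big-endian length followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def _read_counted(data: bytes, pos: int):
    (length,) = struct.unpack_from(">H", data, pos)
    pos += 2
    return data[pos:pos + length], pos + length


def encode_entry(principal: str, kvno: int, enctype: int, key: bytes, timestamp: int = 0) -> bytes:
    """Encode one keytab entry; principal is 'comp[/comp...]@REALM'."""
    name, realm = principal.rsplit("@", 1)
    components = name.split("/")
    body = struct.pack(">H", len(components)) + _counted(realm.encode())
    for component in components:
        body += _counted(component.encode())
    body += struct.pack(">IIB", NT_PRINCIPAL, timestamp, kvno & 0xFF)   # name type, time, 8-bit vno
    body += struct.pack(">H", enctype) + _counted(key)                  # keyblock
    body += struct.pack(">I", kvno)                                     # 32-bit kvno extension
    return struct.pack(">i", len(body)) + body                          # size excludes itself


def write_service_keytab(path: str, upn: str, spns, kvno: int, enctype: int, key: bytes) -> None:
    """UPN entry first, then one entry per SPN, all with the same key, kvno and enctype.
    The file is created mode 0600: a keytab is as sensitive as the account password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(KEYTAB_MAGIC)
        for principal in [upn, *spns]:
            f.write(encode_entry(principal, kvno, enctype, key))
    os.chmod(path, 0o600)  # O_TRUNC on an existing file keeps its old mode, so reset it


def parse_keytab(path: str):
    """Decode every entry into a dict with principal, kvno, enctype, key and timestamp."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version-2 keytab: magic %r" % data[:2])
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        components = []
        for _ in range(ncomp):
            component, pos = _read_counted(data, pos)
            components.append(component.decode())
        _name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        key, pos = _read_counted(data, pos)
        kvno = vno8
        if end - pos >= 4:                # optional 32-bit kvno overrides the 8-bit field
            (vno32,) = struct.unpack_from(">I", data, pos)
            if vno32:
                kvno = vno32
        pos = end
        entries.append({"principal": "/".join(components) + "@" + realm.decode(),
                        "kvno": kvno, "enctype": enctype, "key": key, "timestamp": timestamp})
    return entries


def ktutil_listing(entries) -> str:
    """Render entries the way Heimdal's `ktutil list` does."""
    lines = ["Vno Type              Principal"]
    for e in entries:
        lines.append("%3d %-17s %s" % (e["kvno"], ENCTYPE_NAMES.get(e["enctype"], str(e["enctype"])), e["principal"]))
    return "\n".join(lines)


def check_service_keytab(path: str, upn: str):
    """Return a list of problems (empty means OK): private file mode, UPN first,
    one shared key, one kvno/enctype pair."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        problems.append("keytab is readable by group/other (mode %o)" % mode)
    entries = parse_keytab(path)
    if not entries:
        return problems + ["keytab has no entries"]
    if entries[0]["principal"] != upn:
        problems.append("first entry is %s, expected the UPN %s" % (entries[0]["principal"], upn))
    if len({e["key"] for e in entries}) != 1:
        problems.append("entries do not all share one key")
    if len({(e["kvno"], e["enctype"]) for e in entries}) != 1:
        problems.append("entries disagree on kvno/enctype")
    return problems


def demo():
    """Write a constructed keytab into a temp directory, read it back and check it."""
    upn = "http_sso_www1@EXAMPLE.COM"
    spns = ["HTTP/www1.example.com@EXAMPLE.COM", "HTTP/as1.example.com@EXAMPLE.COM"]
    path = os.path.join(tempfile.mkdtemp(), "plexcel.keytab")
    # Constructed key: a real one is derived from the account password; this is a stand-in.
    write_service_keytab(path, upn, spns, kvno=5, enctype=23, key=bytes(range(16)))
    entries = parse_keytab(path)
    return path, entries, check_service_keytab(path, upn)


if __name__ == "__main__":
    path, entries, problems = demo()
    print(path + ":\n" + ktutil_listing(entries))
    print("problems:", problems or "none")
```

Running the script prints a listing with the same shape as the ktutil output above and reports no problems. Pointing check_service_keytab at a keytab produced by plexcel_gen_service_keytab gives the same three checks against the real file; a keytab left world-readable by a careless copy, or one whose kvno no longer matches the account after a password change, shows up as a listed problem.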

The $px parameter is the Plexcel context resource representing the directory binding and context specific state.

The $acctname parameter is the account name from which the keytab principals, enctype and kvno will be determined. Currently this parameter must be in user principal name form (e.g. server5@EXAMPLE.COM).

The $password parameter is the password from which the key for all keytab entries will be computed.

The $keytab_path parameter is the full path name of the keytab file to be generated. An existing file will be overwritten.

Returns

The plexcel_gen_service_keytab function returns TRUE if the keytab file was successfully created. Otherwise, FALSE is returned, in which case plexcel_status should be consulted.

Example

The following PHP fragment demonstrates how to properly use the plexcel_gen_service_keytab function. Note that there is no way to retrieve the password for an account. This example simply sets the password to a known value in advance.

// $px is the Plexcel context resource; $userPrincipalName is the account's UPN
// (e.g. server5@EXAMPLE.COM); $keytab_path is where the keytab will be written.
// The password cannot be read back from the directory, so set it first.
if (plexcel_set_password($px, $userPrincipalName, $password) == FALSE) {
    die('<pre>' . plexcel_status($px) . '</pre>');
} else {
    // Generate the keytab for the UPN and every SPN on the account.
    if (plexcel_gen_service_keytab($px,
               $userPrincipalName,
               $password,
               $keytab_path) == FALSE) {
        die('<pre>' . plexcel_status($px) . '</pre>');
    } else {
        echo 'The keytab file was successfully created.';
    }
}
A plexcel_gen_service_keytab example

See also

plexcel_set_password | plexcel_change_password

© 2008 IOPLEX Software | Contact Us | Policies