Wallet::Kadmin::AD - Wallet Kerberos administration API for Active Directory

       Bill MacAllister <whm@dropbox.com> and Russ Allbery <eagle@eyrie.org> and Jon Robertson
       <jonrober@stanford.edu>.

perl v5.40.0                                       2024-11-12                            Wallet::Kadmin::AD(3pm)

       Wallet::Kadmin::AD implements the Wallet::Kadmin API for Active Directory Kerberos, providing an
       interface to create and delete principals and create keytabs.  It provides the API documented in
       Wallet::Kadmin for an Active Directory Kerberos KDC.

       AD Kerberos does not provide any method via msktutil to retrieve a keytab for a principal without
       rekeying it, so the keytab() method (as opposed to keytab_rekey(), which rekeys the principal) is
       implemented using a local keytab cache.

       To use this class, several configuration parameters must be set.  See "KEYTAB OBJECT CONFIGURATION" in
       Wallet::Config for details.

       Currently, this implementation calls an external msktutil program rather than using a native Perl module
       and therefore requires msktutil be installed and parses its output.

       Wallet::Kadmin::AD - Wallet Kerberos administration API for Active Directory

       msktutil, Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8)

       This module is part of the wallet system.  The current version is available from
       <https://www.eyrie.org/~eagle/software/wallet/>.

           my $kadmin = Wallet::Kadmin::AD->new;
           $kadmin->create ('host/foo.example.com');
           my $data = $kadmin->keytab_rekey ('host/foo.example.com');
           $data = $kadmin->keytab ('host/foo.example.com');
           my $exists = $kadmin->exists ('host/oldshell.example.com');
           $kadmin->destroy ('host/oldshell.example.com') if $exists;