.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Admin 3pm" .TH Admin 3pm 2024-03-24 "perl v5.38.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME Authen::Krb5::Admin \- Perl extension for MIT Kerberos 5 admin interface .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& use Authen::Krb5::Admin; \& use Authen::Krb5::Admin qw(:constants); .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBAuthen::Krb5::Admin\fR Perl module is an object-oriented interface to the Kerberos 5 admin server. Currently only MIT KDCs are supported, but the author envisions seamless integration with other KDCs. .PP The following classes are provided by this module: .PP .Vb 5 \& Authen::Krb5::Admin handle for performing kadmin operations \& Authen::Krb5::Admin::Config kadmin configuration parameters \& Authen::Krb5::Admin::Key key data from principal object \& Authen::Krb5::Admin::Policy kadmin policies \& Authen::Krb5::Admin::Principal kadmin principals .Ve .SS "Configuration Parameters, Policies, and Principals" .IX Subsection "Configuration Parameters, Policies, and Principals" Before performing kadmin operations, the programmer must construct objects to represent the entities to be manipulated. Each of the classes .PP .Vb 4 \& Authen::Krb5::Admin::Config \& Authen::Krb5::Admin::Key \& Authen::Krb5::Admin::Policy \& Authen::Krb5::Admin::Principal .Ve .PP has a constructor \fInew\fR which takes no arguments (except for the class name). The new object may be populated using accessor methods, each of which is named for the C struct element it represents. Methods always return the current value of the attribute, except for the \fIpolicy_clear\fR method, which returns nothing. If a value is provided, the attribute is set to that value, and the new value is returned. .PP All attributes may be modified in each object, but read-only attributes will be ignored when performing kadmin operations. These attributes are indicated in the documentation for their accessor methods. .PP Each of the C functions that manipulate \fIkadm5\fR principal and policy structures takes a mask argument to indicate which fields should be taken into account. The Perl accessor methods take care of the mask for you, assuming that when you change a value, you will eventually want it changed on the server. .PP Flags for the read-only fields do not get set automatically because they would result in a bad mask error when performing kadmin operations. .PP Some writable attributes are not allowed to have their masks set for certain operations. For example, KADM5_POLICY may not be set during a \&\fIcreate_principal\fR operation, but since the Perl module sets that flag automatically when you set the \fIpolicy\fR attribute of the principal object, a bad mask error would result. Therefore, some kadmin operations automatically clear certain flags first. .PP Though you should never have to, you can manipulate the mask on your own using the \fImask\fR methods and the flags associated with each attribute (indicated in curly braces ({}s) below). Use the tag \&\fI:constants\fR to request that the flag constants (and all other constants) be made available (see \fBExporter\fR\|(3)). .IP \fBAuthen::Krb5::Admin::Config\fR 8 .IX Item "Authen::Krb5::Admin::Config" This class is used to configure a kadmin connection. Without this object, \fBAuthen::Krb5::Admin\fR constructors will default to the configuration defined in the Kerberos 5 profile (\fI/etc/krb5.conf\fR by default). So this object is usually only needed when selecting alternate realms or contacting a specific, non-default server. .Sp The only methods in this class are the constructor (\fInew\fR, described above) and the following accessor methods. .IP "admin_server {KADM5_CONFIG_ADMIN_SERVER}" 8 .IX Item "admin_server {KADM5_CONFIG_ADMIN_SERVER}" Admin server hostname .IP "kadmind_port {KADM5_CONFIG_KADMIND_PORT}" 8 .IX Item "kadmind_port {KADM5_CONFIG_KADMIND_PORT}" Admin server port number .IP "kpasswd_port {KADM5_CONFIG_KPASSWD_PORT}" 8 .IX Item "kpasswd_port {KADM5_CONFIG_KPASSWD_PORT}" Kpasswd server port number .IP mask 8 .IX Item "mask" Mask (described above) .IP "profile {KADM5_CONFIG_PROFILE}" 8 .IX Item "profile {KADM5_CONFIG_PROFILE}" Kerberos 5 configuration profile .IP "realm {KADM5_CONFIG_REALM}" 8 .IX Item "realm {KADM5_CONFIG_REALM}" Kerberos 5 realm name .IP \fBAuthen::Krb5::Admin::Key\fR 8 .IX Item "Authen::Krb5::Admin::Key" This class represents key data contained in kadmin principal objects. The only methods in this class are the constructor (\fInew\fR, described above) and the following accessor methods. .IP key_contents 8 .IX Item "key_contents" Key contents, encrypted with the KDC master key. This data may not be available remotely. .IP enc_type 8 .IX Item "enc_type" Kerberos 5 enctype of the key .IP key_type 8 .IX Item "key_type" Alias for \fIenc_type\fR .IP kvno 8 .IX Item "kvno" Key version number .IP salt_contents 8 .IX Item "salt_contents" Salt contents, if any (\fIver\fR > 1) .IP salt_type 8 .IX Item "salt_type" Salt type, if any (\fIver\fR > 1) .IP ver 8 .IX Item "ver" Version number of the underlying \fIkrb5_key_data\fR structure .IP \fBAuthen::Krb5::Admin::Policy\fR 8 .IX Item "Authen::Krb5::Admin::Policy" This class represents kadmin policies. The only methods in this class are the constructor (\fInew\fR, described above) and the following accessor methods. .IP mask 8 .IX Item "mask" Mask (described above) .IP "name {KADM5_POLICY}" 8 .IX Item "name {KADM5_POLICY}" Policy name .IP "pw_history_num {KADM5_PW_HISTORY_NUM}" 8 .IX Item "pw_history_num {KADM5_PW_HISTORY_NUM}" Number (between 1 and 10, inclusive) of past passwords to be stored for the principal. A principal may not set its password to any of its previous \fIpw_history_num\fR passwords. .IP "pw_max_life {KADM5_PW_MAX_LIFE}" 8 .IX Item "pw_max_life {KADM5_PW_MAX_LIFE}" Default number of seconds a password lasts before the principal is required to change it .IP "pw_max_fail {KADM5_PW_MAX_FAILURE}" 8 .IX Item "pw_max_fail {KADM5_PW_MAX_FAILURE}" The maximum allowed number of attempts before a lockout. .IP "pw_failcnt_interval {KADM5_PW_FAILURE_COUNT_INTERVAL}" 8 .IX Item "pw_failcnt_interval {KADM5_PW_FAILURE_COUNT_INTERVAL}" The period after which the bad preauthentication count will be reset. .IP "pw_lockout_duration {KADM5_PW_LOCKOUT_DURATION}" 8 .IX Item "pw_lockout_duration {KADM5_PW_LOCKOUT_DURATION}" The period in which lockout is enforced; a duration of zero means that the principal must be manually unlocked. .IP "pw_min_classes {KADM5_PW_MIN_CLASSES}" 8 .IX Item "pw_min_classes {KADM5_PW_MIN_CLASSES}" Number (between 1 and 5, inclusive) of required character classes represented in a password .IP "pw_min_length {KADM5_PW_MIN_LENGTH}" 8 .IX Item "pw_min_length {KADM5_PW_MIN_LENGTH}" Minimum number of characters in a password .IP "pw_min_life {KADM5_PW_MIN_LIFE}" 8 .IX Item "pw_min_life {KADM5_PW_MIN_LIFE}" Number of seconds a password must age before the principal may change it .IP "policy_refcnt {KADM5_REF_COUNT}" 8 .IX Item "policy_refcnt {KADM5_REF_COUNT}" Number of principals referring to this policy (read-only, does not set KADM5_REF_COUNT automatically) .IP Authen::Krb5::Admin::Principal 8 .IX Item "Authen::Krb5::Admin::Principal" The attributes \fIfail_auth_count\fR, \fIlast_failed\fR, and \fIlast_success\fR are only meaningful if the KDC is configured to update the database with this type of information. .Sp The only methods in this class are the constructor (\fInew\fR, described above), the following accessor methods, and \fIpolicy_clear\fR, which is used to clear the policy attribute. .IP "attributes {KADM5_ATTRIBUTES}" 8 .IX Item "attributes {KADM5_ATTRIBUTES}" Bitfield representing principal attributes (see \fBkadmin\fR\|(8)) .IP "aux_attributes {KADM5_AUX_ATTRIBUTES}" 8 .IX Item "aux_attributes {KADM5_AUX_ATTRIBUTES}" Bitfield used by kadmin. Currently only recognizes the KADM5_POLICY, which indicates that a policy is in effect for this principal. This attribute is read-only, so KADM5_AUX_ATTRIBUTES is not set automatically. .IP "fail_auth_count {KADM5_FAIL_AUTH_COUNT}" 8 .IX Item "fail_auth_count {KADM5_FAIL_AUTH_COUNT}" Number of consecutive failed AS_REQs for this principal. This attribute is read-only, so KADM5_FAIL_AUTH_COUNT is not set automatically. .IP "kvno {KADM5_KVNO}" 8 .IX Item "kvno {KADM5_KVNO}" Key version number .IP "last_failed {KADM5_LAST_FAILED}" 8 .IX Item "last_failed {KADM5_LAST_FAILED}" Time (in seconds since the Epoch) of the last failed AS_REQ for this principal. This attribute is read-only, so KADM5_LAST_FAILED is not set automatically. .IP "last_pwd_change {KADM5_LAST_PWD_CHANGE}" 8 .IX Item "last_pwd_change {KADM5_LAST_PWD_CHANGE}" Time (in seconds since the Epoch) of the last password change for this principal. This attribute is read-only, so KADM5_LAST_PWD_CHANGE is not set automatically. .IP "last_success {KADM5_LAST_SUCCESS}" 8 .IX Item "last_success {KADM5_LAST_SUCCESS}" Time (in seconds since the Epoch) of the last successful AS_REQ for this principal. This attribute is read-only, so KADM5_LAST_SUCCESS is not set automatically. .IP mask 8 .IX Item "mask" Mask (see above) .IP "max_life {KADM5_MAX_LIFE}" 8 .IX Item "max_life {KADM5_MAX_LIFE}" maximum lifetime in seconds of any Kerberos ticket issued to this principal .IP "max_renewable_life {KADM5_MAX_RLIFE}" 8 .IX Item "max_renewable_life {KADM5_MAX_RLIFE}" maximum renewable lifetime in seconds of any Kerberos ticket issued to this principal .IP "mod_date {KADM5_MOD_TIME}" 8 .IX Item "mod_date {KADM5_MOD_TIME}" Time (in seconds since the Epoch) this principal was last modified. This attribute is read-only, so KADM5_MOD_TIME is not set automatically. .IP "mod_name {KADM5_MOD_NAME}" 8 .IX Item "mod_name {KADM5_MOD_NAME}" Kerberos principal (\fBAuthen::Krb5::Principal\fR, see \&\fBAuthen::Krb5\fR\|(3)) that last modified this principal. This attribute is read-only, so KADM5_MOD_NAME is not set automatically. .IP "policy {KADM5_POLICY}" 8 .IX Item "policy {KADM5_POLICY}" Name of policy that affects this principal if KADM5_POLICY is set in \&\fIaux_attributes\fR .IP "policy_clear {KADM5_POLICY_CLR}" 8 .IX Item "policy_clear {KADM5_POLICY_CLR}" Not really an attribute\-\-disables the current policy for this principal. This method doesn't return anything. .IP "princ_expire_time {KADM5_PRINC_EXPIRE_TIME}" 8 .IX Item "princ_expire_time {KADM5_PRINC_EXPIRE_TIME}" Expire time (in seconds since the Epoch) of the principal .IP "principal {KADM5_PRINCIPAL}" 8 .IX Item "principal {KADM5_PRINCIPAL}" Kerberos principal itself (\fBAuthen::Krb5::Principal\fR, see \&\fBAuthen::Krb5\fR\|(3)) .IP "pw_expiration {KADM5_PW_EXPIRATION}" 8 .IX Item "pw_expiration {KADM5_PW_EXPIRATION}" Expire time (in seconds since the Epoch) of the principal's password .IP "db_args [@ARGS]" 8 .IX Item "db_args [@ARGS]" When called without any \f(CW@ARGS\fR, returns the list of arguments that will be passed into the underlying database, as with \f(CW\*(C`addprinc \-x\*(C'\fR in \&\f(CW\*(C`kadmin\*(C'\fR. If \f(CW@ARGS\fR is non-empty, it will replace any database arguments, which will then be returned, like this: .Sp .Vb 3 \& my @old = $principal\->db_args; \& # \-or\- \& my @old = $principal\->db_args(@new); \& \& # The RPC call will ignore the tail data unless \& # you set this flag: \& $principal\->mask($principal\->mask | KADM5_TL_DATA); .Ve .SS Operations .IX Subsection "Operations" To perform kadmin operations (addprinc, delprinc, etc.), we first construct an object of the class \fBAuthen::Krb5::Admin\fR, which contains a server handle. Then we use object methods to perform the operations using that handle. .PP In the following synopses, parameter types are indicated by their names as follows: .PP .Vb 8 \& $error Kerberos 5 error code \& $kadm5 Authen::Krb5::Admin \& $kadm5_config Authen::Krb5::Admin::Config \& $kadm5_pol Authen::Krb5::Admin::Policy \& $kadm5_princ Authen::Krb5::Admin::Principal \& $krb5_ccache Authen::Krb5::Ccache \& $krb5_princ Authen::Krb5::Principal \& $success TRUE if if the call succeeeded, undef otherwise .Ve .PP Everything else is an unblessed scalar value (or an array of them) inferable from context. .PP Parameters surrounded by square brackets ([]s) are each optional. .IP Constructors 8 .IX Item "Constructors" Each of the following constructors authenticates as \f(CW$client\fR to the admin server \f(CW$service\fR, which defaults to KADM5_ADMIN_SERVICE if undef. An undefined value for \f(CW$kadm5_config\fR will cause the interface to infer the configuration from the Kerberos 5 profile (\fI/etc/krb5.conf\fR by default). .ie n .IP "$kadm5 = Authen::Krb5::Admin\->init_with_creds($client, $krb5_ccache[, $service, $kadm5_config])" 8 .el .IP "\f(CW$kadm5\fR = Authen::Krb5::Admin\->init_with_creds($client, \f(CW$krb5_ccache\fR[, \f(CW$service\fR, \f(CW$kadm5_config\fR])" 8 .IX Item "$kadm5 = Authen::Krb5::Admin->init_with_creds($client, $krb5_ccache[, $service, $kadm5_config])" Authenticate using the credentials cached in \f(CW$krb5_ccache\fR. .ie n .IP "$kadm5 = Authen::Krb5::Admin\->init_with_password($client[, $password, $service, $kadm5_config])" 8 .el .IP "\f(CW$kadm5\fR = Authen::Krb5::Admin\->init_with_password($client[, \f(CW$password\fR, \f(CW$service\fR, \f(CW$kadm5_config\fR])" 8 .IX Item "$kadm5 = Authen::Krb5::Admin->init_with_password($client[, $password, $service, $kadm5_config])" Authenticate with \f(CW$password\fR. .ie n .IP "$kadm5 = Authen::Krb5::Admin\->init_with_skey($client[, $keytab_file, $service, $kadm5_config])" 8 .el .IP "\f(CW$kadm5\fR = Authen::Krb5::Admin\->init_with_skey($client[, \f(CW$keytab_file\fR, \f(CW$service\fR, \f(CW$kadm5_config\fR])" 8 .IX Item "$kadm5 = Authen::Krb5::Admin->init_with_skey($client[, $keytab_file, $service, $kadm5_config])" Authenticate using the keytab stored in \f(CW$keytab_file\fR. If \f(CW$keytab_file\fR is undef, the default keytab is used. .IP "Principal Operations" 8 .IX Item "Principal Operations" .PD 0 .ie n .IP "$success = $kadm5\->chpass_principal($krb5_princ, $password)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->chpass_principal($krb5_princ, \f(CW$password\fR)" 8 .IX Item "$success = $kadm5->chpass_principal($krb5_princ, $password)" .PD Change the password of \f(CW$krb5_princ\fR to \f(CW$password\fR. .ie n .IP "$success = $kadm5\->create_principal($kadm5_princ[, $password])" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->create_principal($kadm5_princ[, \f(CW$password\fR])" 8 .IX Item "$success = $kadm5->create_principal($kadm5_princ[, $password])" Insert \f(CW$kadm5_princ\fR into the database, optionally setting its password to the string in \f(CW$password\fR. Clears KADM5_POLICY_CLR and KADM5_FAIL_AUTH_COUNT. .ie n .IP "$success = $kadm5\->delete_principal($krb5_princ)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->delete_principal($krb5_princ)" 8 .IX Item "$success = $kadm5->delete_principal($krb5_princ)" Delete the principal represented by \f(CW$krb5_princ\fR from the database. .ie n .IP "$kadm5_princ = $kadm5\->get_principal($krb5_princ[, $mask])" 8 .el .IP "\f(CW$kadm5_princ\fR = \f(CW$kadm5\fR\->get_principal($krb5_princ[, \f(CW$mask\fR])" 8 .IX Item "$kadm5_princ = $kadm5->get_principal($krb5_princ[, $mask])" Retrieve the Authen::Krb5::Admin::Principal object for the principal \&\f(CW$krb5_princ\fR from the database. Use KADM5_PRINCIPAL_NORMAL_MASK to retrieve all of the useful attributes. .ie n .IP "@names = $kadm5\->get_principals([$expr])" 8 .el .IP "\f(CW@names\fR = \f(CW$kadm5\fR\->get_principals([$expr])" 8 .IX Item "@names = $kadm5->get_principals([$expr])" Retrieve a list of principal names matching the glob pattern \f(CW$expr\fR. In the absence of \f(CW$expr\fR, retrieve the list of all principal names. .ie n .IP "$success = $kadm5\->modify_principal($kadm5_princ)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->modify_principal($kadm5_princ)" 8 .IX Item "$success = $kadm5->modify_principal($kadm5_princ)" Modify \f(CW$kadm5_princ\fR in the database. The principal to modify is determined by \f(CW\*(C`$kadm5_princ\->principal\*(C'\fR, and the rest of the writable parameters will be modified accordingly. Clears KADM5_PRINCIPAL. .ie n .IP "@keys = $kadm5\->randkey_principal($krb5_princ)" 8 .el .IP "\f(CW@keys\fR = \f(CW$kadm5\fR\->randkey_principal($krb5_princ)" 8 .IX Item "@keys = $kadm5->randkey_principal($krb5_princ)" Randomize the principal in the database represented by \f(CW$krb5_princ\fR and return \fBAuthen::Krb5::Keyblock\fR objects. .ie n .IP "$success = $kadm5\->rename_principal($krb5_princ_from, $krb5_princ_to)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->rename_principal($krb5_princ_from, \f(CW$krb5_princ_to\fR)" 8 .IX Item "$success = $kadm5->rename_principal($krb5_princ_from, $krb5_princ_to)" Change the name of the principal from \f(CW$krb5_princ_from\fR to \f(CW$krb5_princ_to\fR. .IP "Policy Operations" 8 .IX Item "Policy Operations" .PD 0 .ie n .IP "$success = $kadm5\->create_policy($kadm5_pol)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->create_policy($kadm5_pol)" 8 .IX Item "$success = $kadm5->create_policy($kadm5_pol)" .PD Insert \f(CW$kadm5_pol\fR into the database. .ie n .IP "$success = $kadm5\->delete_policy($name)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->delete_policy($name)" 8 .IX Item "$success = $kadm5->delete_policy($name)" Delete the policy named \f(CW$name\fR from the database. .ie n .IP "$kadm5_pol = $kadm5\->get_policy([$name])" 8 .el .IP "\f(CW$kadm5_pol\fR = \f(CW$kadm5\fR\->get_policy([$name])" 8 .IX Item "$kadm5_pol = $kadm5->get_policy([$name])" Retrieve the \fBAuthen::Krb5::Admin::Policy\fR object for the policy named \f(CW$name\fR from the database. .ie n .IP "@names = $kadm5\->get_policies([$expr])" 8 .el .IP "\f(CW@names\fR = \f(CW$kadm5\fR\->get_policies([$expr])" 8 .IX Item "@names = $kadm5->get_policies([$expr])" Retrieve a list of policy names matching the glob pattern \f(CW$expr\fR. In the absence of \f(CW$expr\fR, retrieve the list of all policy names. .ie n .IP "$success = $kadm5\->modify_policy($kadm5_pol)" 8 .el .IP "\f(CW$success\fR = \f(CW$kadm5\fR\->modify_policy($kadm5_pol)" 8 .IX Item "$success = $kadm5->modify_policy($kadm5_pol)" Modify \f(CW$kadm5_pol\fR in the database. The policy to modify is determined by \f(CW\*(C`$kadm5_pol\-\*(C'\fRname>,(and the rest of the writable) parameters will be modified accordingly. Clears KADM5_POLICY. .IP "Other Methods" 8 .IX Item "Other Methods" .PD 0 .ie n .IP "$magic_value = Authen::Krb5::Admin::error [$error]" 8 .el .IP "\f(CW$magic_value\fR = Authen::Krb5::Admin::error [$error]" 8 .IX Item "$magic_value = Authen::Krb5::Admin::error [$error]" .PD Return value that acts like $! (see \fBperlvar\fR\|(1)) for the most recent Authen::Krb5::Admin call. With error code \f(CW$error\fR, return the error message corresponding to that error code. .ie n .IP "$error_code = Authen::Krb5::Admin::error_code" 8 .el .IP "\f(CW$error_code\fR = Authen::Krb5::Admin::error_code" 8 .IX Item "$error_code = Authen::Krb5::Admin::error_code" Returns the value of the error code for the most recent Authen::Krb5::Admin call as a simple integer. .ie n .IP "$privs = $kadm5\->get_privs" 8 .el .IP "\f(CW$privs\fR = \f(CW$kadm5\fR\->get_privs" 8 .IX Item "$privs = $kadm5->get_privs" Return a bitfield representing the kadmin privileges a principal has, as follows: .Sp .Vb 4 \& get KADM5_PRIV_GET \& add KADM5_PRIV_ADD \& modify KADM5_PRIV_MODIFY \& delete KADM5_PRIV_DELETE .Ve .SH EXAMPLES .IX Header "EXAMPLES" See the unit tests included with this software for examlpes. They can be found in the \fIt/\fR subdirectory of the distribution. .SH FILES .IX Header "FILES" .Vb 1 \& krb.conf Kerberos 5 configuration file .Ve .SH BUGS .IX Header "BUGS" There is no facility for specifying keysalts for methods like \&\fIcreate_principal\fR and \fImodify_principal\fR. This facility is provided by the Kerberos 5 API and requires an initialized context. So it probably makes more sense for \fBAuthen::Krb5\|(3)\fR to handle those functions. .SH AUTHOR .IX Header "AUTHOR" Stephen Quinney .PP Author Emeritus: Andrew J. Korty .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBperl\fR\|(1), \fBperlvar\fR\|(1), \fBAuthen::Krb5\fR\|(3), \fBExporter\fR\|(3), \fBkadmin\fR\|(8).