diff options
Diffstat (limited to 'ipa-admintools/ipa-passwd')
-rw-r--r-- | ipa-admintools/ipa-passwd | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/ipa-admintools/ipa-passwd b/ipa-admintools/ipa-passwd index 20dea562..4db0838f 100644 --- a/ipa-admintools/ipa-passwd +++ b/ipa-admintools/ipa-passwd @@ -44,12 +44,12 @@ def parse_options(): return options, args -def get_principal(): +def get_principal(krbctx): try: - ctx = krbV.default_context() - ccache = ctx.default_ccache() + ccache = krbctx.default_ccache() cprinc = ccache.principal() except krbV.Krb5Error, e: + #TODO: do a kinit print "Unable to get kerberos principal: %s" % e[1] return None @@ -57,39 +57,47 @@ def get_principal(): def main(): match = False + username = None + principal = None + krbctx = krbV.default_context() options, args = parse_options() if len(args) == 2: username = args[1] else: - username = get_principal() - if username is None: + principal = get_principal(krbctx) + if principal is None: return 1 - u = username.split('@') - if len(u) > 1: - username = u[0] + if not principal: + u = username.split('@') + if len(u) > 2 or len(u) == 0: + print "Invalid user name (%s)" % username + if len(u) == 1: + principal = username+"@"+krbctx.default_realm + else: + principal = username - print "Changing password for %s" % username + print "Changing password for %s" % principal while (match != True): # No syntax checking of the password is required because that is done # on the server side password = getpass.getpass(" New Password: ") - confirm = getpass.getpass(" New Password (again): ") + confirm = getpass.getpass(" Confirm Password: ") if (password != confirm): print "Passwords do not match" match = False + elif (len(password) < 1): + print "Password cannot be empty" + match = False else: match = True - if (len(password) < 1): - print "Password cannot be empty" - match = False try: client = ipaclient.IPAClient() - client.modifyPassword(username, None, password) + client.modifyPassword(principal, None, password) except ipa.ipaerror.IPAError, e: print "%s" % (e.message) return 1 |