Thank you for the responses so far. I've received a few suggestions that I use the dump file to gather my information, and I may go down that road. However, I am still interested if anyone has implemented anything using the kadmin protocol, so that the code does not need any local access to the KDC. Any comments?
Thank you all, -Matt Matthew J. Smith wrote: > Hello all, > > I am using MIT Krb5 1.4.3, and am looking to send an email > notification to my users 14 days before their passwords expire. I have > cobbled together a Proof-of-Concept using kadmin -q "getprinc -terse" to > scrape the password expiration date from each principal. The PoC works, > but seems "inefficient", requiring a getprinc to the KDC for each princ > returned by listprincs. Is there a better way? Is there a way to query > the KDC for a list of users whose password is about to expire? Or at > least, is there a kadm5_get_principals call that will return an array of > principal structures (instead of just a string[] of names), which I can > just iterate over locally, looking at expiration timestamps? > > Thank you for any insight you can offer, > -Matt > > --- > [EMAIL PROTECTED] > University of Connecticut ITS > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos