Forum und email



These package allows you to access Kerberos V administration servers. You can create, modify, and delete Kerberos V principals and policies.

More information about Kerberos can be found at »

Documentation for Kerberos and KADM5 can be found at »

Resource Types

This extension defines a KADM5 handle returned by kadm5_init_with_password().

Predefined Constants

The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.

Constants for Attribute Flags

The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_modify_principal() allow to specify special attributes using a bitfield. The symbols are defined below:

Attributes for use by the KDC

Constants for Options

The functions kadm5_create_principal(), kadm5_modify_principal(), and kadm5_get_principal() allow to specify or return principal's options as an associative array. The keys for the associative array are defined as string constants below:

Options for creating/modifying/retrieving principals
constant funcdef description
KADM5_PRINCIPAL long The expire time of the princial as a Kerberos timestamp.
KADM5_PRINC_EXPIRE_TIME long The expire time of the princial as a Kerberos timestamp.
KADM5_LAST_PW_CHANGE long The time this principal's password was last changed.
KADM5_PW_EXPIRATION long The expire time of the principal's current password, as a Kerberos timestamp.
KADM5_MAX_LIFE long The maximum lifetime of any Kerberos ticket issued to this principal.
KADM5_MAX_RLIFE long The maximum renewable lifetime of any Kerberos ticket issued to or for this principal.
KADM5_MOD_NAME string The name of the Kerberos principal that most recently modified this principal.
KADM5_MOD_TIME long The time this principal was last modified, as a Kerberos timestamp.
KADM5_KVNO long The version of the principal's current key.
KADM5_POLICY string The name of the policy controlling this principal.
KADM5_CLEARPOLICY long Standard procedure is to assign the 'default' policy to new principals. KADM5_CLEARPOLICY suppresses this behaviour.
KADM5_LAST_SUCCESS long The KDC time of the last successfull AS_REQ.
KADM5_LAST_FAILED long The KDC time of the last failed AS_REQ.
KADM5_FAIL_AUTH_COUNT long The number of consecutive failed AS_REQs.
KADM5_RANDKEY long Generates a random password for the principal. The parameter password will be ignored.
KADM5_ATTRIBUTES long A bitfield of attributes for use by the KDC.


This simple example shows how to connect, query, print resulting principals and disconnect from a KADM5 database.

Example#1 KADM5 extension overview example



$principals kadm5_get_principals($handle);
$i=0$i<count($principals); $i++)

$policies kadm5_get_policies($handle);
$i=0$i<count($policies); $i++)

"<h1>get_principal [email protected]</h1>\n";

$options kadm5_get_principal($handle"[email protected]);
$keys array_keys($options);
$i=0$i<count($keys); $i++) {
$value $options[$keys[$i]];
"$keys[$i]: $value<br>\n";

$options = array(KADM5_PRINC_EXPIRE_TIME => 0);
kadm5_modify_principal($handle"[email protected]"$options);


Contact Information

If you have comments, bugfixes, enhancements or want to help in developing this you can send me a mail at » [email protected]. The project homepage can be found at »

Table of Contents