Overview

The functions provided by the Admin API, and the authorization they require, are listed in the table 3. The ``kadm5_'' prefix has been removed from each function name.

The function semantics in the following sections omit details that are the same for every function.

• The effects of every function are atomic.

• Every function performs an authorization check and returns the appropriate KADM5_AUTH_* error code if the caller does not have the required privilege. No other information or error code is ever returned to an unauthorized user.

• Every function checks its arguments for NULL pointers or other obviously invalid values, and returns EINVAL if any are detected.

• Any function that performs a policy check uses the policy named in the principal's policy field. If the POLICY bit is not set in the principal's aux_attributes field, however, the principal has no policy, so the policy check is not performed.

• Unless otherwise specified, all functions return KADM5_OK.

Table 3: Summary of functions and required authorization.

	Function Name	Authorization	Operation
	init	none	Open a connection with the kadm5 library. OBSOLETE but still provided--use init_with_password instead.
	init_with_password	none	Open a connection with the kadm5 library using a password to obtain initial credentials.
	init_with_skey	none	Open a connection with the kadm5 library using the keytab entry to obtain initial credentials.
	destroy	none	Close the connection with the kadm5 library.
	flush	none	Flush all database changes to disk; no-op when called remotely.
	create_principal	add	Create a new principal.
	delete_principal	delete	Delete a principal.
	modify_principal	modify	Modify the attributes of an existing principal (not password).
	rename_principal	add and delete	Rename a principal.
	get_principal	get2	Retrieve a principal.
	get_principals	list	Retrieve some or all principal names.
	chpass_principal	changepw2	Change a principal's password.
	chpass_principal_util	changepw2	Utility wrapper around chpass_principal.
	randkey_principal	changepw2	Randomize a principal's key.
	setkey_principal	setkey	Explicitly set a principal's keys.
	decrypt_key	none	Decrypt a principal key.
	create_policy	add	Create a new policy.
	delete_policy	delete	Delete a policy.
	modify_policy	modify	Modify the attributes of a policy.
	get_policy	get	Retrieve a policy.
	get_policies	list	Retrieve some or all policy names.
	free_principal_ent	none	Free the memory associated with an kadm5_principal_ent_t.
	free_policy_ent	none	Free the memory associated with an kadm5_policy_ent_t.
	get_privs	none	Return the caller's admin server privileges.