What is the correct function to use to retrieve principal information
without having to obtain a handle through an administrator login?
Maybe it's easier to explain by telling what I want to accomplish. We
authenticate users on a web page using krb5_get_init_creds_password.
I want to display things like how long until the users password
expires after they authenticate, and the only information I have to do
so is the username and password of the user/principal.

If I use kadm5_get_principal, can I get the handle for it with the
principal I'm getting the information on by using the PWCHANGE_SERVICE
flag instead of KADM5_ADMIN_SERVICE like so?

kadm5_init_with_password(auser, apass, KADM5__PWCHANGE_SERVICE, NULL,
KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, &kadm5_handle);

Chris
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos