The idea behind this Tcl interface to the kadmin functionality is to
create a full scripting language for administrators to control their
systems.  If they find that they always are creating users with the
same set of options, or are trying to perform strange updates on their
entire user base, they should be able to do so.

The kadmin/testing directory contains the basis of a Tcl kadmin
interface, but is far too complex to really be used for a `user-level'
scripting language.  As an example, the initialization routine
requires seven parameters, one of which is a twenty-one element list.

Hence, this interface, which is based on both the kadmin/testing
ground and the kadmin/cli functionality.  The interface will define
the following Tcl commands, many of which should be familiar to users
of `kadmin' (one of the nice things about Tcl and the current kadmin
is that they use a very similar command structure):

kadm5_init [-realm realm-name] [-princ principal] [-password pw]
		[-ccache cache-name] [-keytab keytab-name] 

	Creates the kadm5_init interface, and returns an
	administration handle.  This handle is also stored in the
	kadm5_handle global variable.  The various options are
	identical to the similar options on starting up `kadmin'.

	Note that if no password is supplied via the -password option,
	a password will be prompted via the TTY as usual.

kadm5_strtodate str
kadm5_datetostr date
kadm5_strtodur str
kadm5_durtostr duration

	Converts between kadm5 integer representations of durations
	and dates and reasonable text representations.  Using either
	just numbers or just text will inevitably mean more work for
	some potential developer (like I did for me when I ended up
	writing a Tcl routine that did conversions from dates and
	durations to strings for the prototype GUI).

kadm5_getprinc principal-name

	Returns a list containing the various information for the
	principal.  Will return an error code if the principal can not
	be found.

	The list of information and its format are currently not
	nailed down, but will probably be similar to the list you get
	with kadmin's `getprinc -terse' option.  Some notable
	differences will be that the list of attributes will be a Tcl
	list with text names for the attributes.

kadm5_addprinc [-salt salttype] [-expire date] [-pwexpire date]
		[-maxlife life] [-policy pol] [-randkey] 
		[-password pw] [-flags flags] principal

	Adds a principal to the database.  The flags list contains a
	list of flags to set for the principal.
 
kadm5_modprinc [-salt salttype] [-expire date] [-pwexpire date]
		[-maxlife life] [-policy pol] [-clearpolicy]
		[[-|+]flagname] principal

	Modifies an existing principal.  The various flags can be
	added or deleted similar to the kadmin counterparts.

kadm5_delprinc principal

	Deletes a principal from the database.

kadm5_change_password [-salt salttype] [-randkey] principal [password]
kadm5_cpw [-salt salttype] [-randkey] principal [password]

	Changes password for the principal.  If the -randkey option is
	not given, the password should be, and vice versa.

kadm5_listprincs [searchstr]

	Returns a list of every principal in the database, or those
	matching the glob-format search string.  This, of course, is
	going to take a few minutes short of forever (and eat up a ton
	of memory) if the database is large enough, but is highly
	useful on small installations like Cygnus.  I'm providing it
	for its utility, but scriptwriters will need to be made aware
	of its limitations, and use some other workaround if the
	database gets large enough.

kadm5_getpol policy-name

	Gets a list of information for a given policy, similar to
	kadmin's `get_policy -terse' command.

kadm5_addpol [-maxlife life] [-minlife life] [-minlength length] 
		[-minclasses n] [-history n] policy-name
kadm5_modpol [-maxlife life] [-minlife life] [-minlength length] 
		[-minclasses n] [-history n] policy-name

	Adds or modifies the given policy-name.

kadm5_delpol policy-name

	Deletes the given policy.

kadm5_listpols

	Returns a list of the names of every policy in the database.

kadm5_ktadd [-keytab ktabname] principal-list ...

	Adds each principal in the argument list(s) to the default
	keytab, or the one provided with the -keytab option.

kadm5_ktremove [-keytab ktabname] principal 

	Removes the principal from the keytab.
