
Re: Scripting kadmin

dtennant@panasas.com writes:
> Hello,


>    I was wondering if there was any way to create a script to bring up a
> kerberos realm?

Yes, I have been using the appended script for re-creating my test realm.

> Ideally I'd like to be able to create a realm, add a bunch
> of principals, and extract some keys to a keytab file.  I'd be running this
> on a secure system, so it wouldn't be a problem to have cleartext passwords
> in the script or anything like that.

If you're running on the kdc, just use `kadmin -l'.  If you're running
on another machine, you'll need to have a keytab there with rights on
the kadmin server, and send `-K' and `-p'.


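#!/bin/sh
# The first four settings are assumed (not in the original post); override them via the environment.
KADMIN=${KADMIN:-kadmin}
KADMIN_FLAGS=${KADMIN_FLAGS:--l}    # -l: work on the local database, i.e. run this on the KDC
host=${host:?set host to the fully-qualified name of this machine}
REALM=${REALM:?set REALM to the name of the realm to create}
KADMIN_INIT_FLAGS=${KADMIN_INIT_FLAGS:-"--realm-max-ticket-life=1day --realm-max-renewable-life=7days"}
KADMIN_ANK_FLAGS=${KADMIN_ANK_FLAGS:-"--max-ticket-life=1day --max-renewable-life=7days --attributes="}
# Wipe the old keytab, database and logs: only suitable for a throwaway test realm.
rm -f /etc/krb5.keytab
cd /var/heimdal || exit 1           # never run the rm below in the wrong directory
rm -f heimdal.dir heimdal.pag heimdal.lock log kdc.log
# Create the realm. Assumed step, not in the original post: KADMIN_INIT_FLAGS was set but never used.
${KADMIN} ${KADMIN_FLAGS} init ${KADMIN_INIT_FLAGS} ${REALM}
# Service principals: random keys (-r), then extract them to the keytab.
${KADMIN} ${KADMIN_FLAGS} ank -r ${KADMIN_ANK_FLAGS} host/$host
${KADMIN} ${KADMIN_FLAGS} ext host/$host
${KADMIN} ${KADMIN_FLAGS} ank -r ${KADMIN_ANK_FLAGS} changepw/kerberos
${KADMIN} ${KADMIN_FLAGS} ext changepw/kerberos
# User principals with a fixed cleartext test password (-p).
${KADMIN} ${KADMIN_FLAGS} ank ${KADMIN_ANK_FLAGS} -p foo assar/admin
${KADMIN} ${KADMIN_FLAGS} ank ${KADMIN_ANK_FLAGS} -p foo assar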