#!/bin/bash
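# Defaults, overridable from the environment.
#
# The expansions are quoted so a caller-supplied value containing spaces or
# glob characters is not word-split or pathname-expanded by this no-op.
#
# NOTE(review): the default log path is a fixed name under /tmp. If this
# script runs with elevated privileges, a file or symlink pre-created at that
# path by another local user receives the appended log lines; consider
# pointing LOGFILE at a directory only the invoking user can write to.
#
# ':=' also replaces an *empty* value, so exporting DEBUG="" does not turn
# logging off; debug() treats any non-empty DEBUG (including "0") as enabled.
: "${LOGFILE:=/tmp/create_kdc.log}"
: "${DEBUG:=1}"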
#######################################
# Destroy the current Kerberos database.
# '-f' makes kdb5_util skip its confirmation prompt, so the call is
# non-interactive and irreversible. No realm is passed here, so kdb5_util
# uses whatever realm its own configuration selects.
# Returns: exit status of kdb5_util
#######################################
destroy_db() {
  local -r kdb5_util_bin=/usr/sbin/kdb5_util
  debug "Destroying current kerberos DB"
  "$kdb5_util_bin" destroy -f
}
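#######################################
# Create a new Kerberos database for $REALM, with a stash file ('-s').
# Globals:   KERB_MASTER_KEY (read), REALM (read)
# Returns:   1 if a required variable is empty, otherwise the exit status
#            of kdb5_util
#######################################
create_db() {
  # An empty value used to shift the option parsing: with an empty master
  # key, '-P' would consume '-r' as the password. Refuse to run instead.
  if [[ -z "${KERB_MASTER_KEY:-}" || -z "${REALM:-}" ]]; then
    printf 'create_db: KERB_MASTER_KEY and REALM must be set\n' >&2
    return 1
  fi

  debug "Create new kerberos DB"

  # NOTE(review): '-P' puts the database master key on the command line,
  # where it is visible in the process list to other local users while
  # kdb5_util runs. Run this only on a host with no untrusted local
  # accounts, or supply the key through a channel that is not argv.
  # Both values are quoted so a key or realm containing spaces or glob
  # characters reaches kdb5_util as a single, unmodified argument.
  /usr/sbin/kdb5_util -P "$KERB_MASTER_KEY" -r "$REALM" create -s
}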
#######################################
# Stop the KDC and then the kadmin service through their init scripts.
# Returns: exit status of the last init script run (kadmin)
#######################################
stop_kdc() {
  local svc
  debug "Stop KDC"
  for svc in krb5kdc kadmin; do
    "/etc/rc.d/init.d/${svc}" stop
  done
}
#######################################
# Start the KDC and kadmin services, then enable both at boot.
# Order is kept as: start krb5kdc, start kadmin, enable krb5kdc,
# enable kadmin.
# Returns: exit status of the last chkconfig call
#######################################
start_kdc() {
  local svc
  debug "Start KDC"
  for svc in krb5kdc kadmin; do
    "/etc/rc.d/init.d/${svc}" start
  done
  for svc in krb5kdc kadmin; do
    chkconfig "${svc}" on
  done
}
#######################################
# Restart the KDC and then the kadmin service through their init scripts.
# Returns: exit status of the last init script run (kadmin)
#######################################
restart_kdc() {
  local -r init_dir=/etc/rc.d/init.d
  debug "Restart KDC"
  "${init_dir}/krb5kdc" restart
  "${init_dir}/kadmin" restart
}
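#######################################
# Create the "<user>/admin" principal and write the kadmin ACL file.
# Globals:   KERB_ADMIN_USER (read), KERB_ADMIN_PASS (read), REALM (read)
# Outputs:   overwrites /var/kerberos/krb5kdc/kadm5.acl
# Returns:   1 if a required value is empty or unsafe to embed in the
#            kadmin query, otherwise the status of the ACL write
#######################################
create_admin_user() {
  local name value
  # Glob pattern (used unquoted below): any whitespace or double quote.
  local -r unsafe='*[[:space:]"]*'

  # The three values are pasted into a single kadmin query string and into
  # the ACL line. Whitespace or a double quote inside any of them would
  # change how that string is tokenised, so such values are rejected rather
  # than passed on. Empty values are rejected for the same reason: they
  # shift the remaining words of the query.
  for name in KERB_ADMIN_USER KERB_ADMIN_PASS REALM; do
    value=${!name:-}
    # shellcheck disable=SC2053 -- right-hand side is deliberately a pattern
    if [[ -z "$value" || "$value" == $unsafe ]]; then
      printf 'create_admin_user: %s is empty or contains whitespace or a double quote\n' \
        "$name" >&2
      return 1
    fi
  done

  debug "Create admin user"

  # NOTE(review): '-pw' inside '-q' places the admin password on the
  # kadmin.local command line, visible in the process list to other local
  # users while the command runs.
  kadmin.local -q "addprinc -pw $KERB_ADMIN_PASS $KERB_ADMIN_USER/admin"

  # This ACL line grants every permission ('*') to every principal whose
  # instance is 'admin' in $REALM, and replaces any existing ACL file.
  printf '*/admin@%s *\n' "$REALM" > /var/kerberos/krb5kdc/kadm5.acl
}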
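#######################################
# Provision a KDC from the PAYLOAD environment variable.
# PAYLOAD holds four whitespace-separated fields, in this order:
#   <admin user> <admin password> <master key> <realm>
# Positional arguments are accepted but not used.
# Globals:   PAYLOAD (read); KERB_ADMIN_USER, KERB_ADMIN_PASS,
#            KERB_MASTER_KEY, REALM (written and exported)
# Returns:   1 if PAYLOAD has fewer than four fields, otherwise the status
#            of the first failing step, or of start_kdc
#######################################
main() {
  local -a fields=()

  # Split PAYLOAD on whitespace without pathname expansion. The previous
  # 'echo $PAYLOAD | cut' form glob-expanded fields such as '*' against the
  # current directory, and returned the whole string for every field when
  # PAYLOAD contained a single word.
  # With -d '' read reports end-of-input as failure; the array is still set.
  IFS=$' \t\n' read -r -d '' -a fields <<< "${PAYLOAD:-}" || true

  if (( ${#fields[@]} < 4 )); then
    printf 'main: PAYLOAD must hold "<admin user> <admin password> <master key> <realm>"\n' >&2
    return 1
  fi

  # NOTE(review): exporting puts the admin password and master key into the
  # environment of every child process started below, including the init
  # scripts. Kept because callers may rely on the exported names.
  export KERB_ADMIN_USER="${fields[0]}"
  export KERB_ADMIN_PASS="${fields[1]}"
  export KERB_MASTER_KEY="${fields[2]}"
  export REALM="${fields[3]}"

  # Stop at the first failing step so a KDC is not started on top of a
  # database or admin principal that was not created.
  create_db || return
  create_admin_user || return
  start_kdc
}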
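#######################################
# Append a "[DEBUG] ..." line to $LOGFILE when DEBUG is non-empty.
# Any non-empty DEBUG value enables logging, including "0".
# Globals:   DEBUG (read), LOGFILE (read)
# Arguments: message words, joined with single spaces
# Returns:   0 when logging is disabled; otherwise the status of the write
#######################################
debug() {
  # An 'if' keeps the return status at 0 when logging is off, so callers
  # running under 'set -e' are not aborted by a disabled debug line.
  if [[ "$DEBUG" ]]; then
    # LOGFILE is quoted so a path containing spaces is a valid redirect
    # target; the message is passed as data, never as the printf format.
    printf '[DEBUG] %s\n' "$*" >> "$LOGFILE"
  fi
}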
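# Run main only when the file is executed directly. When it is sourced, only
# the functions are defined; using 'if' (rather than '[[ ... ]] && main')
# makes sourcing finish with status 0, so a caller running under 'set -e' is
# not aborted by the failed comparison.
if [[ "$0" == "${BASH_SOURCE[0]}" ]]; then
  main "$@"
fi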