diff options
| author | Sam Hartman <hartmans@mit.edu> | 2003-02-06 20:05:41 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2003-02-06 20:05:41 +0000 |
| commit | d3ed0f832618288208ca7b72c7ae0b724865a953 (patch) | |
| tree | 5dbdb623dd4c84242c8d739a84ba7e5a080fa7ed /src/kadmin/cli/k5srvutil.sh | |
| parent | 67c751774d700487072bf7539ff15f153566ee3a (diff) | |
| download | krb5-d3ed0f832618288208ca7b72c7ae0b724865a953.tar.gz krb5-d3ed0f832618288208ca7b72c7ae0b724865a953.tar.xz krb5-d3ed0f832618288208ca7b72c7ae0b724865a953.zip | |
Add k5srvutil
Add a script called k5srvutil that allows easy manipulation of keytabs
for common tasks such as changing keys and deleting outdated keys.
ticket: 1191
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15159 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/cli/k5srvutil.sh')
| -rw-r--r-- | src/kadmin/cli/k5srvutil.sh | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/src/kadmin/cli/k5srvutil.sh b/src/kadmin/cli/k5srvutil.sh new file mode 100644 index 0000000000..70b1b8548a --- /dev/null +++ b/src/kadmin/cli/k5srvutil.sh @@ -0,0 +1,117 @@ +#!/bin/sh + +# list_princs keytab +# returns a list of principals in the keytab +# sorted and uniquified +list_princs() { + klist -k $keytab | tail +4 | awk '{print $2}' | sort | uniq +} + +set_command() { + if [ x$command != x ] ; then + cmd_error Only one command can be specified + usage + exit 1 + fi + command=$1 +} + +#interactive_prompt prompt princ +# If in interactive mode return true if the principal should be acted on +# otherwise return true all the time +interactive_prompt() { + if [ $interactive = 0 ] ; then + return 0 + fi + printf "%s for %s? [yn]" "$1" "$2" + read ans + case $ans in + n*|N*) + return 1 + ;; + esac + return 0 + } + +cmd_error() { + echo $@ 2>&1 + } + +usage() { + echo "Usage: $0 [-i] [-f file] list|change|delete|delold" +} + + + +change_key() { + princs=`list_princs ` + for princ in $princs; do + if interactive_prompt "Change key " $princ; then + kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ" + fi + done + } + +delete_old_keys() { + princs=`list_princs ` + for princ in $princs; do + if interactive_prompt "Delete old keys " $princ; then + kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old" + fi + done + } + +delete_keys() { + interactive=1 + princs=`list_princs ` + for princ in $princs; do + if interactive_prompt "Delete all keys " $princ; then + kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all" + fi + done + } + + +keytab=/etc/krb5.keytab +interactive=0 + +while [ $# -gt 0 ] ; do + opt=$1 + shift + case $opt in + "-f") + keytab=$1 + shift + ;; + "-i") + interactive=1 + ;; + change|delold|delete|list) + set_command $opt + ;; + *) + cmd_error Illegal option: $opt + usage + exit 1 + ;; + esac +done + + +case $command in + change) + change_key + ;; + delold) + delete_old_keys + ;; + delete) + delete_keys + ;; + list) + klist -k $keytab + ;; + *) + usage + ;; + esac |