diff options
-rwxr-xr-x | source4/scripting/bin/ktpass.sh | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh new file mode 100755 index 0000000000..92b1976932 --- /dev/null +++ b/source4/scripting/bin/ktpass.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# vim: expandtab +# +# Copyright (C) Matthieu Patou <mat@matws.net> 2010 +# +# +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +name="ktpass.sh" +TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \ + -n "$name" -- "$@"` +eval set -- "$TEMP" + +function usage { + echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n" + echo -ne " [--host hostname] [--enc <encryption>]\n" + echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n" + echo -ne "\nEncoding should be one of:\n" + echo -ne " * des-cbc-crc\n" + echo -ne " * des-cbc-md5\n" + echo -ne " * rc4-hmac (default)\n" + echo -ne " * aes128-cts\n" + echo -ne " * aes256-cts\n" + exit 0 +} +while true ; do + case "$1" in + --out) outfile=$2 ; shift 2 ;; + --princ) princ=$2 ; shift 2 ;; + --pass) pass=$2 ; shift 2 ;; + --host) host=$2 ; shift 2 ;; + --ptype) shift 2 ;; + --enc) enc=$2; shift 2;; + --path-to-ldbsearch) path="$2/"; shift 2;; + -h) usage;; + --) shift ; break ;; + *) echo "Internal error!" ; exit 1 ;; + esac +done +#RC4-HMAC-NT|AES256-SHA1|AES128-SHA +if [ -z "$enc" ]; then + enc="rc4-hmac" +fi +if [ -z "$path" ]; then + path=`dirname $0`/../bin/ +fi +if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then + echo "At least one mandatory parameter (--out, --princ, --pass) was not specified" + usage +fi +if [ -z $host ]; then + host=`hostname` +fi +kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber` +if [ "$kvno" == "" ]; then + echo -ne "Unable to find kvno for principal $princ\n" + echo -ne " check that you are authentified with kerberos\n" + exit 1 +else + kvno=`echo $kvno | sed 's/^.*: //'` +fi + +if [ "$pass" == "*" ]; then + echo -n "Enter password for $princ: " + stty -echo + read pass + stty echo + echo "" +fi + +ktutil >/dev/null <<EOF +add_entry -password -p $princ -k $kvno -e $enc +$pass +wkt $outfile +EOF + +if [ $? -eq 0 ]; then + echo "Keytab file $outfile created with success" +else + echo "Error while creating the keytab file $outfile" +fi |