summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsource4/scripting/bin/ktpass.sh93
1 files changed, 93 insertions, 0 deletions
diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh
new file mode 100755
index 0000000000..92b1976932
--- /dev/null
+++ b/source4/scripting/bin/ktpass.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net> 2010
+#
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+name="ktpass.sh"
+TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+ -n "$name" -- "$@"`
+eval set -- "$TEMP"
+
+function usage {
+ echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+ echo -ne " [--host hostname] [--enc <encryption>]\n"
+ echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+ echo -ne "\nEncoding should be one of:\n"
+ echo -ne " * des-cbc-crc\n"
+ echo -ne " * des-cbc-md5\n"
+ echo -ne " * rc4-hmac (default)\n"
+ echo -ne " * aes128-cts\n"
+ echo -ne " * aes256-cts\n"
+ exit 0
+}
+while true ; do
+ case "$1" in
+ --out) outfile=$2 ; shift 2 ;;
+ --princ) princ=$2 ; shift 2 ;;
+ --pass) pass=$2 ; shift 2 ;;
+ --host) host=$2 ; shift 2 ;;
+ --ptype) shift 2 ;;
+ --enc) enc=$2; shift 2;;
+ --path-to-ldbsearch) path="$2/"; shift 2;;
+ -h) usage;;
+ --) shift ; break ;;
+ *) echo "Internal error!" ; exit 1 ;;
+ esac
+done
+#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
+if [ -z "$enc" ]; then
+ enc="rc4-hmac"
+fi
+if [ -z "$path" ]; then
+ path=`dirname $0`/../bin/
+fi
+if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
+ echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+ usage
+fi
+if [ -z $host ]; then
+ host=`hostname`
+fi
+kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
+if [ "$kvno" == "" ]; then
+ echo -ne "Unable to find kvno for principal $princ\n"
+ echo -ne " check that you are authentified with kerberos\n"
+ exit 1
+else
+ kvno=`echo $kvno | sed 's/^.*: //'`
+fi
+
+if [ "$pass" == "*" ]; then
+ echo -n "Enter password for $princ: "
+ stty -echo
+ read pass
+ stty echo
+ echo ""
+fi
+
+ktutil >/dev/null <<EOF
+add_entry -password -p $princ -k $kvno -e $enc
+$pass
+wkt $outfile
+EOF
+
+if [ $? -eq 0 ]; then
+ echo "Keytab file $outfile created with success"
+else
+ echo "Error while creating the keytab file $outfile"
+fi