From 5a8c77f97b30ab2c81f7170a12dddb4ab9972414 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Mon, 28 Jun 2010 21:38:35 +0400 Subject: s4: create a simple version of ktpass This script is intended to be a replacement for the ktutil of Windows. It's use is for exporting keytab that will be used for kerberized services. --- source4/scripting/bin/ktpass.sh | 93 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100755 source4/scripting/bin/ktpass.sh diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh new file mode 100755 index 0000000000..92b1976932 --- /dev/null +++ b/source4/scripting/bin/ktpass.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# vim: expandtab +# +# Copyright (C) Matthieu Patou 2010 +# +# +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +name="ktpass.sh" +TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \ + -n "$name" -- "$@"` +eval set -- "$TEMP" + +function usage { + echo -ne "$name --out --princ --pass |*\n" + echo -ne " [--host hostname] [--enc ]\n" + echo -ne " [--ptype ] [--path-to-ldbsearch ]\n" + echo -ne "\nEncoding should be one of:\n" + echo -ne " * des-cbc-crc\n" + echo -ne " * des-cbc-md5\n" + echo -ne " * rc4-hmac (default)\n" + echo -ne " * aes128-cts\n" + echo -ne " * aes256-cts\n" + exit 0 +} +while true ; do + case "$1" in + --out) outfile=$2 ; shift 2 ;; + --princ) princ=$2 ; shift 2 ;; + --pass) pass=$2 ; shift 2 ;; + --host) host=$2 ; shift 2 ;; + --ptype) shift 2 ;; + --enc) enc=$2; shift 2;; + --path-to-ldbsearch) path="$2/"; shift 2;; + -h) usage;; + --) shift ; break ;; + *) echo "Internal error!" ; exit 1 ;; + esac +done +#RC4-HMAC-NT|AES256-SHA1|AES128-SHA +if [ -z "$enc" ]; then + enc="rc4-hmac" +fi +if [ -z "$path" ]; then + path=`dirname $0`/../bin/ +fi +if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then + echo "At least one mandatory parameter (--out, --princ, --pass) was not specified" + usage +fi +if [ -z $host ]; then + host=`hostname` +fi +kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber` +if [ "$kvno" == "" ]; then + echo -ne "Unable to find kvno for principal $princ\n" + echo -ne " check that you are authentified with kerberos\n" + exit 1 +else + kvno=`echo $kvno | sed 's/^.*: //'` +fi + +if [ "$pass" == "*" ]; then + echo -n "Enter password for $princ: " + stty -echo + read pass + stty echo + echo "" +fi + +ktutil >/dev/null <