diff options
| author | mp153739 <none@none> | 2006-10-07 13:37:05 -0700 |
|---|---|---|
| committer | mp153739 <none@none> | 2006-10-07 13:37:05 -0700 |
| commit | 56a424cca6b3f91f31bdab72a4626c48c779fe8b (patch) | |
| tree | 9a50fae6e9e88996cc646a6b9a53425b2b8539d7 /usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh | |
| parent | 124771bb5f403108fb9ed84bf6083c8d427d55ff (diff) | |
| download | illumos-joyent-56a424cca6b3f91f31bdab72a4626c48c779fe8b.tar.gz | |
PSARC 2006/424 Kerberos 1.4 KDC Resync
6406993 kdc and client resync with MIT 1.4
Diffstat (limited to 'usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh')
| -rwxr-xr-x | usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh b/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh new file mode 100755 index 0000000000..64d0886c81 --- /dev/null +++ b/usr/src/cmd/krb5/kadmin/cli/k5srvutil.sh @@ -0,0 +1,147 @@ +#!/bin/sh +# +# +# Copyright 2006 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# +# +# +#pragma ident "%Z%%M% %I% %E% SMI" + +TEXTDOMAIN=SUNW_OST_OSCMD +export TEXTDOMAIN + +# list_princs keytab +# returns a list of principals in the keytab +# sorted and uniquified +list_princs() { + klist -k $keytab | tail +4 | awk '{print $2}' | sort | uniq +} + +set_command() { + if [ x$command != x ] ; then + cmd_error `gettext "Only one command can be specified"` + usage + exit 1 + fi + command=$1 +} + +#interactive_prompt prompt princ +# If in interactive mode return true if the principal should be acted on +# otherwise return true all the time +# +# SUNW14resync: If in interactive mode the default is now to return false +# i.e. if in interactive mode unless the user types "Yes" or +# "yes" false will be returned. +# +interactive_prompt() { + if [ $interactive = 0 ] ; then + return 0 + fi + PROMPT=`gettext "%s for %s? [yes no] "` + Y1=`gettext "yes"` + Y2=`gettext "Yes"` + printf "$PROMPT" "$1" "$2" + read ans + case $ans in + ${Y1}|${Y2}) + return 0 + ;; + esac + return 1 + } + +cmd_error() { + echo $@ 2>&1 + } + +usage() { + USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"` + echo $USAGE +} + + + +change_key() { + princs=`list_princs ` + for princ in $princs; do + ACTION=`gettext "Change key"` + if interactive_prompt "$ACTION" $princ; then + kadmin -k -t $keytab -p $princ -q "ktadd -k $keytab $princ" + fi + done + } + +delete_old_keys() { + princs=`list_princs ` + for princ in $princs; do + ACTION=`gettext "Delete old keys"` + if interactive_prompt "$ACTION" $princ; then + kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old" + fi + done + } + +delete_keys() { + interactive=1 + princs=`list_princs ` + for princ in $princs; do + ACTION=`gettext "Delete all keys"` + if interactive_prompt "$ACTION" $princ; then + kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all" + fi + done + } + + +keytab=/etc/krb5/krb5.keytab +interactive=0 + +CHANGE=`gettext "change"` +DELOLD=`gettext "delold"` +DELETE=`gettext "delete"` +LIST=`gettext "list"` + +while [ $# -gt 0 ] ; do + opt=$1 + shift + case $opt in + "-f") + keytab=$1 + shift + ;; + "-i") + interactive=1 + ;; + ${CHANGE}|${DELOLD}|${DELETE}|${LIST}) + set_command $opt + ;; + *) + ILLEGAL=`gettext "Illegal option: "` + cmd_error $ILLEGAL $opt + usage + exit 1 + ;; + esac +done + + +case $command in + $CHANGE) + change_key + ;; + $DELOLD) + delete_old_keys + ;; + $DELETE) + delete_keys + ;; + $LIST) + klist -k $keytab + ;; + *) + usage + ;; + esac |