#!/bin/sh
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
#
#
#pragma ident "%Z%%M% %I% %E% SMI"
# Message domain that the gettext(1) calls in this script use to look up
# translated strings; exported so the gettext child processes inherit it.
TEXTDOMAIN=SUNW_OST_OSCMD
export TEXTDOMAIN
# list_princs
# prints the principals found in the keytab named by $keytab,
# one per line, sorted and uniquified
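list_princs() {
  # Takes no arguments: the keytab path comes from the global $keytab, which
  # the -f option can set to a caller-supplied value. It is quoted so that a
  # path containing whitespace or glob characters reaches klist as one word
  # (and an empty value is passed as an empty argument instead of vanishing).
  #
  # The first three lines of `klist -k` output are skipped as header; this is
  # done in awk rather than with the obsolescent `tail +4` spelling. The
  # second column of each remaining line is printed, and a principal that
  # appears on several rows is listed once.
  klist -k "$keytab" | awk 'NR > 3 {print $2}' | sort -u
}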
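set_command() {
  # Record the sub-command chosen on the command line in the global $command.
  #   $1 - the command word matched by the option loop
  # A second command on the same invocation is rejected: the error and the
  # usage text are printed and the script exits with status 1.
  #
  # The comparison is quoted so that an unusual value of $command (for
  # example one containing whitespace) cannot turn it into a malformed `[`
  # expression that evaluates false and lets a second command silently
  # replace the first.
  if [ "x$command" != x ]; then
    cmd_error `gettext "Only one command can be specified"`
    usage
    exit 1
  fi
  command=$1
}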
# interactive_prompt prompt princ
# In interactive mode, return true only if the principal should be acted on;
# otherwise (non-interactive mode) return true all the time.
#
# SUNW14resync: In interactive mode the default is now to return false,
# i.e. in interactive mode, unless the user types "Yes" or "yes",
# false will be returned.
#
interactive_prompt() {
  # Ask whether the action named by $1 should be applied to principal $2.
  #   $1 - description of the action, shown in the prompt
  #   $2 - principal name, shown in the prompt
  # Returns 0 when the global $interactive is 0 (no question asked) or when
  # the answer read from stdin is the translated "yes" or "Yes"; returns 1
  # for any other answer, including an empty line.

  # Non-interactive runs act on every principal without asking.
  [ $interactive = 0 ] && return 0

  # The translated string is the printf format; $1 and $2 fill its two %s.
  PROMPT=`gettext "%s for %s? [yes no] "`
  Y1=`gettext "yes"`
  Y2=`gettext "Yes"`
  printf "$PROMPT" "$1" "$2"

  read ans
  case $ans in
  ${Y1}|${Y2}) return 0 ;;
  *) return 1 ;;
  esac
}
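cmd_error() {
  # Print the arguments, joined by spaces, as a single line on stderr.
  #
  # The original redirection was `2>&1`, which only points stderr at stdout,
  # so the message stayed on stdout and mixed with normal command output.
  # printf is used instead of echo so an argument such as -n is printed
  # rather than taken as an echo option.
  printf '%s\n' "$*" >&2
}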
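usage() {
  # Print the one-line usage summary on stdout.
  #
  # The text is printed from a quoted variable: it contains `[-i]`, which an
  # unquoted expansion treats as a glob pattern, so a file named `i` or `-`
  # in the current directory used to replace that part of the message.
  #
  # NOTE(review): $0 is expanded before gettext sees the string, so the
  # message id varies with how the script was invoked -- confirm whether the
  # catalog lookup can match.
  USAGE=`gettext "Usage: $0 [-i] [-f file] list|change|delete|delold"`
  printf '%s\n' "$USAGE"
}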
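change_key() {
  # For every principal listed in the keytab, optionally after confirmation,
  # run kadmin authenticated from the keytab as that principal and issue
  # `ktadd` for it against the same keytab.
  # Reads the global $keytab; $interactive is consulted by interactive_prompt.
  #
  # $keytab and $princ are quoted where they are passed as shell words so a
  # value with whitespace or glob characters stays one argument. Inside the
  # -q string they are parsed again by kadmin, so shell quoting does not
  # protect them there.
  # NOTE(review): a keytab path containing whitespace presumably still fails
  # at that layer -- confirm.
  # NOTE(review): kadmin's exit status is not checked, so a failed key change
  # for one principal does not stop the loop or get reported here.
  ACTION=`gettext "Change key"`
  princs=`list_princs `
  # $princs is left unquoted on purpose: the loop relies on word splitting to
  # walk the newline-separated list.
  for princ in $princs; do
    if interactive_prompt "$ACTION" "$princ"; then
      kadmin -k -t "$keytab" -p "$princ" -q "ktadd -k $keytab $princ"
    fi
  done
}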
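delete_old_keys() {
  # For every principal listed in the keytab, optionally after confirmation,
  # run kadmin authenticated from the keytab as that principal and issue
  # `ktrem ... old` for it against the same keytab.
  # Reads the global $keytab; $interactive is consulted by interactive_prompt.
  #
  # $keytab and $princ are quoted where they are passed as shell words so a
  # value with whitespace or glob characters stays one argument. Inside the
  # -q string they are parsed again by kadmin, so shell quoting does not
  # protect them there.
  # NOTE(review): kadmin's exit status is not checked, so a failed removal
  # for one principal does not stop the loop or get reported here.
  ACTION=`gettext "Delete old keys"`
  princs=`list_princs `
  # $princs is left unquoted on purpose: the loop relies on word splitting to
  # walk the newline-separated list.
  for princ in $princs; do
    if interactive_prompt "$ACTION" "$princ"; then
      kadmin -k -t "$keytab" -p "$princ" -q "ktrem -k $keytab $princ old"
    fi
  done
}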
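delete_keys() {
  # For every principal listed in the keytab, after confirmation, run kadmin
  # authenticated from the keytab as that principal and issue `ktrem ... all`
  # for it against the same keytab.
  #
  # Interactive mode is forced on here regardless of -i, so removing all keys
  # of a principal always goes through the yes/no prompt. The assignment is
  # to the global $interactive and stays in effect after this function.
  #
  # $keytab and $princ are quoted where they are passed as shell words so a
  # value with whitespace or glob characters stays one argument. Inside the
  # -q string they are parsed again by kadmin, so shell quoting does not
  # protect them there.
  # NOTE(review): kadmin's exit status is not checked, so a failed removal
  # for one principal does not stop the loop or get reported here.
  interactive=1
  ACTION=`gettext "Delete all keys"`
  princs=`list_princs `
  # $princs is left unquoted on purpose: the loop relies on word splitting to
  # walk the newline-separated list.
  for princ in $princs; do
    if interactive_prompt "$ACTION" "$princ"; then
      kadmin -p "$princ" -k -t "$keytab" -q "ktrem -k $keytab $princ all"
    fi
  done
}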
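# Defaults; -f and -i on the command line override them.
keytab=/etc/krb5/krb5.keytab
interactive=0

# The command words are looked up through gettext, so the words accepted on
# the command line are whatever the active message catalog returns for them.
CHANGE=`gettext "change"`
DELOLD=`gettext "delold"`
DELETE=`gettext "delete"`
LIST=`gettext "list"`

# Option loop: -f FILE selects the keytab, -i turns on confirmation prompts,
# a command word is recorded through set_command, anything else is an error.
while [ $# -gt 0 ]; do
  opt=$1
  shift
  case $opt in
  "-f")
    # -f needs a file name. Without this check a trailing -f left $keytab
    # empty and the script carried on; the later key-changing and
    # key-removing commands then ran without the keytab the caller meant.
    if [ $# -eq 0 ] || [ "x$1" = x ]; then
      cmd_error `gettext "Option -f requires a keytab file name"`
      usage
      exit 1
    fi
    keytab=$1
    shift
    ;;
  "-i")
    interactive=1
    ;;
  ${CHANGE}|${DELOLD}|${DELETE}|${LIST})
    set_command "$opt"
    ;;
  *)
    ILLEGAL=`gettext "Illegal option: "`
    # $ILLEGAL stays unquoted so its trailing space is dropped by word
    # splitting; $opt is quoted so the offending argument is reported
    # verbatim instead of being split or glob-expanded.
    cmd_error $ILLEGAL "$opt"
    usage
    exit 1
    ;;
  esac
done

# Dispatch on the recorded command; with no command the usage text is shown.
# NOTE(review): that fall-through does not exit non-zero -- confirm whether
# callers rely on the current status before changing it.
case $command in
$CHANGE)
  change_key
  ;;
$DELOLD)
  delete_old_keys
  ;;
$DELETE)
  delete_keys
  ;;
$LIST)
  klist -k "$keytab"
  ;;
*)
  usage
  ;;
esac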