mirror of
https://github.com/samba-team/samba.git
synced 2025-01-19 10:03:58 +03:00
5a8c77f97b
This script is intended to be a replacement for the ktutil of Windows. It's use is for exporting keytab that will be used for kerberized services.
94 lines
2.7 KiB
Bash
Executable File
94 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# vim: expandtab
|
|
#
|
|
# Copyright (C) Matthieu Patou <mat@matws.net> 2010
|
|
#
|
|
#
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
name="ktpass.sh"
|
|
TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
|
|
-n "$name" -- "$@"`
|
|
eval set -- "$TEMP"
|
|
|
|
function usage {
|
|
echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
|
|
echo -ne " [--host hostname] [--enc <encryption>]\n"
|
|
echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
|
|
echo -ne "\nEncoding should be one of:\n"
|
|
echo -ne " * des-cbc-crc\n"
|
|
echo -ne " * des-cbc-md5\n"
|
|
echo -ne " * rc4-hmac (default)\n"
|
|
echo -ne " * aes128-cts\n"
|
|
echo -ne " * aes256-cts\n"
|
|
exit 0
|
|
}
|
|
while true ; do
|
|
case "$1" in
|
|
--out) outfile=$2 ; shift 2 ;;
|
|
--princ) princ=$2 ; shift 2 ;;
|
|
--pass) pass=$2 ; shift 2 ;;
|
|
--host) host=$2 ; shift 2 ;;
|
|
--ptype) shift 2 ;;
|
|
--enc) enc=$2; shift 2;;
|
|
--path-to-ldbsearch) path="$2/"; shift 2;;
|
|
-h) usage;;
|
|
--) shift ; break ;;
|
|
*) echo "Internal error!" ; exit 1 ;;
|
|
esac
|
|
done
|
|
#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
|
|
if [ -z "$enc" ]; then
|
|
enc="rc4-hmac"
|
|
fi
|
|
if [ -z "$path" ]; then
|
|
path=`dirname $0`/../bin/
|
|
fi
|
|
if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
|
|
echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
|
|
usage
|
|
fi
|
|
if [ -z $host ]; then
|
|
host=`hostname`
|
|
fi
|
|
kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
|
|
if [ "$kvno" == "" ]; then
|
|
echo -ne "Unable to find kvno for principal $princ\n"
|
|
echo -ne " check that you are authentified with kerberos\n"
|
|
exit 1
|
|
else
|
|
kvno=`echo $kvno | sed 's/^.*: //'`
|
|
fi
|
|
|
|
if [ "$pass" == "*" ]; then
|
|
echo -n "Enter password for $princ: "
|
|
stty -echo
|
|
read pass
|
|
stty echo
|
|
echo ""
|
|
fi
|
|
|
|
ktutil >/dev/null <<EOF
|
|
add_entry -password -p $princ -k $kvno -e $enc
|
|
$pass
|
|
wkt $outfile
|
|
EOF
|
|
|
|
if [ $? -eq 0 ]; then
|
|
echo "Keytab file $outfile created with success"
|
|
else
|
|
echo "Error while creating the keytab file $outfile"
|
|
fi
|