search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / krb5 / kadmin / kdcmgr / kdcmgr.sh
blob9939ab571f336bc4ea3cb84e634ad69dbe6cd58b
1 #!/usr/bin/ksh
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 # Use is subject to license terms.
24 #
25
26 #
27 # This command provides an simple interface to configure, destroy, and to obtain
28 # the status of a master or slave Kerberos KDC server.
29 #
30
31 function usage {
32
33 app=`basename $0`
34
35 printf "\n$(gettext "Usage: %s [ -a admprincipal ] [ -e enctype ] [ -h ]")\n" $app
36 printf "\t$(gettext "[ -p pwfile ] [ -r realm ] subcommand")\n\n"
37
38 printf "\t$(gettext "-a: Create non-default admin principal.")\n"
39 printf "\t$(gettext "-e: Encryption type used to encrypt the master key")\n"
40 printf "\t$(gettext "-h: This help message.")\n"
41 printf "\t$(gettext "-p: File that contains the admin principal and master key password.")\n"
42 printf "\t$(gettext "-r: Set the default realm for this server.")\n\n"
43
44 printf "\t$(gettext "where 'subcommand' is one of the following:")\n\n"
45
46 printf "\t$(gettext "create [ master ]")\n"
47 printf "\t$(gettext "create [ -m masterkdc ] slave")\n"
48 printf "\t$(gettext "destroy")\n"
49 printf "\t$(gettext "status")\n\n"
50
51 cleanup 1
52 }
53
54 function ask {
55
56 # ask question, set global answer
57 typeset question=$1 default_answer=$2
58 if [[ -z $default_answer ]]; then
59 print "$question \c"
60 else
61 print "$question [$default_answer]: \c"
62 fi
63 read answer
64 [ -z "$answer" ] && answer="$default_answer"
65 }
66
67 function yesno {
68
69 typeset question="$1"
70 # answer is a global set by ask
71 answer=
72 yn=`printf "$(gettext "y/n")"`
73 y=`printf "$(gettext "y")"`
74 n=`printf "$(gettext "n")"`
75 yes=`printf "$(gettext "yes")"`
76 no=`printf "$(gettext "no")"`
77
78 while [[ -z $answer ]]; do
79 ask "$question" $yn
80 case $answer in
81 $y|$yes) answer=yes;;
82 $n|$no) answer=no;;
83 *) answer=;;
84 esac
85 done
86 }
87
88 function query {
89
90 yesno "$*"
91 if [[ $answer = no ]]; then
92 printf "\t$(gettext "No action performed").\n"
93 fi
94 }
95
96 function cleanup {
97
98 integer ret=$1
99
100 kdestroy -q -c $TMP_CCACHE 1>$TMP_FILE 2>&1
101 rm -f $TMP_FILE
102
103 exit $ret
104 }
105
106 function error_message {
107
108 printf "---------------------------------------------------\n"
109 printf "$(gettext "Setup FAILED").\n\n"
110
111 cleanup 1
112 }
113
114 function check_bin {
115
116 bin=$1
117
118 if [[ ! -x $bin ]]; then
119 printf "$(gettext "Could not access/execute %s").\n" $bin
120 error_message
121 fi
122 }
123
124 function check_ret {
125
126 integer ret=$1
127 prog=$2
128
129 if [[ $ret -ne 0 ]]; then
130 printf "\n$(gettext "%s failed with return value %d, exiting").\n\n" $prog $ret
131 error_message
132 fi
133 }
134
135
136 function ok_to_proceed {
137
138 yesno "$@"
139
140 if [[ $answer = no ]]; then
141 printf "\n$(gettext "Exiting, no action performed")\n\n"
142 cleanup 0
143 fi
144 }
145
146 function check_value {
147
148 typeset arg="$1"
149
150 if [[ -z $arg ]]; then
151 printf "\n$(gettext "No input obtained for %s, exiting").\n" $checkval
152 error_message
153 else
154 echo "$arg">$TMP_FILE
155 if egrep -s '[*$^#!]+' $TMP_FILE; then
156 printf "\n$(gettext "Invalid input obtained for %s, exiting").\n" $checkval
157 error_message
158 fi
159 fi
160 }
161
162 function setup_kdc_conf {
163
164 printf "\n$(gettext "Setting up %s").\n" $KRB5_KDC_CONF
165
166 if [[ -r $KRB5_KDC_CONF ]]; then
167 cat $KRB5_KDC_CONF > $KRB5_KDC_CONF.sav
168 cannot_create $KRB5_KDC_CONF.sav $?
169 fi
170
171 exec 3>$KRB5_KDC_CONF
172 if [[ $? -ne 0 ]]; then
173 printf "\n$(gettext "Cannot write to %s, exiting").\n" $KRB5_KDC_CONF
174 error_message
175 fi
176
177 printf "\n[kdcdefaults]\n\tkdc_ports = 88,750\n\n" 1>&3
178 printf "[realms]\n\t$REALM = {\n" 1>&3
179 printf "\t\tprofile = $KRB5_KRB_CONF\n" 1>&3
180 printf "\t\tdatabase_name = $PRINCDB\n" 1>&3
181 printf "\t\tmaster_key_type = $ENCTYPE\n" 1>&3
182 printf "\t\tacl_file = $KADM5ACL\n" 1>&3
183 printf "\t\tkadmind_port = 749\n" 1>&3
184 printf "\t\tmax_life = 8h 0m 0s\n" 1>&3
185 printf "\t\tmax_renewable_life = 7d 0h 0m 0s\n" 1>&3
186 printf "\t\tdefault_principal_flags = +preauth\n" 1>&3
187
188 printf "\t\tsunw_dbprop_enable = true\n" 1>&3
189 if [[ $master = yes ]]; then
190 printf "\t\tsunw_dbprop_master_ulogsize = 1000\n" 1>&3
191 fi
192 if [[ $slave = yes ]]; then
193 printf "\t\tsunw_dbprop_slave_poll = 2m\n" 1>&3
194 fi
195
196 printf "\t}\n" 1>&3
197 }
198
199 function setup_krb_conf {
200
201 printf "\n$(gettext "Setting up %s").\n" $KRB5_KRB_CONF
202
203 if [[ -r $KRB5_KRB_CONF ]]; then
204 cat $KRB5_KRB_CONF > $KRB5_KRB_CONF.sav
205 cannot_create $KRB5_KRB_CONF.sav $?
206 fi
207
208 exec 3>$KRB5_KRB_CONF
209 if [[ $? -ne 0 ]]; then
210 printf "\n$(gettext "Cannot write to %s, exiting").\n" $KRB5_KRB_CONF
211 error_message
212 fi
213
214 printf "[libdefaults]\n" 1>&3
215 printf "\tdefault_realm = $REALM\n\n" 1>&3
216
217 printf "[realms]\n" 1>&3
218 printf "\t$REALM = {\n" 1>&3
219 if [[ $slave = yes ]]; then
220 printf "\t\tkdc = $master_hn\n" 1>&3
221 fi
222 printf "\t\tkdc = $fqhn\n" 1>&3
223 if [[ $master = yes ]]; then
224 printf "\t\tadmin_server = $fqhn\n" 1>&3
225 else
226 printf "\t\tadmin_server = $master_hn\n" 1>&3
227 fi
228 printf "\t}\n\n" 1>&3
229
230 printf "[domain_realm]\n" 1>&3
231 printf "\t.$domain = $REALM\n\n" 1>&3
232
233 printf "[logging]\n" 1>&3
234 printf "\tdefault = FILE:/var/krb5/kdc.log\n" 1>&3
235 printf "\tkdc = FILE:/var/krb5/kdc.log\n" 1>&3
236 printf "\tkdc_rotate = {\n\t\tperiod = 1d\n\t\tversions = 10\n\t}\n\n" 1>&3
237
238 printf "[appdefaults]\n" 1>&3
239 printf "\tkinit = {\n\t\trenewable = true\n\t\tforwardable = true\n" 1>&3
240 printf "\t}\n" 1>&3
241 }
242
243 function cannot_create {
244
245 typeset filename="$1"
246 typeset stat="$2"
247 if [[ $stat -ne 0 ]]; then
248 printf "\n$(gettext "Cannot create/edit %s, exiting").\n" $filename
249 error_message
250 fi
251 }
252
253 function check_admin {
254
255 message=$1
256
257 if [[ -z $ADMIN_PRINC ]]; then
258 printf "$message"
259 read ADMIN_PRINC
260 checkval="ADMIN_PRINC"; check_value $ADMIN_PRINC
261 fi
262
263 echo "$ADMIN_PRINC">$TMP_FILE
264
265 if egrep -s '\/admin' $TMP_FILE; then
266 # Already in "/admin" format, do nothing
267 :
268 else
269 if egrep -s '\/' $TMP_FILE; then
270 printf "\n$(gettext "Improper entry for krb5 admin principal, exiting").\n"
271 error_message
272 else
273 ADMIN_PRINC=$(echo "$ADMIN_PRINC/admin")
274 fi
275 fi
276
277 }
278
279 function ping_check {
280
281 typeset machine="$1"
282
283 if $PING $machine > /dev/null 2>&1; then
284 :
285 else
286 printf "\n$(gettext "%s %s is unreachable, exiting").\n" $string $machine
287 error_message
288 fi
289 }
290
291 function check_host {
292
293 echo "$host">$TMP_FILE
294 if egrep -s '[^.]\.[^.]+$' $TMP_FILE; then
295 # do nothing, host is in fqhn format
296 :
297 else
298 if egrep -s '\.+' $TMP_FILE; then
299 printf "\n$(gettext "Improper format of host name: '%s'").\n"
300 printf "$(gettext "Expecting the following format: 'somehost.example.com' or 'somehost', exiting").\n"
301 error_message
302 else
303 # Attach fqdn to host, to get the Fully Qualified Domain
304 # Name of the host requested
305 host=$(echo "$host.$domain")
306 fi
307 fi
308
309 #
310 # Ping to see if the host is alive!
311 #
312 ping_check $host
313 }
314
315 function kill_daemons {
316
317 # Kill daemons so they won't go into maintenance mode
318 $SVCADM disable -s krb5kdc
319 if [[ $? -ne 0 ]]; then
320 printf "\n$(gettext "Error in disabling krb5kdc, exiting").\n"
321 error_message
322 fi
323 $SVCADM disable -s kadmin
324 if [[ $? -ne 0 ]]; then
325 printf "\n$(gettext "Error in disabling kadmind, exiting").\n"
326 error_message
327 fi
328 $SVCADM disable -s krb5_prop
329 if [[ $? -ne 0 ]]; then
330 printf "\n$(gettext "Error in disabling kpropd, exiting").\n"
331 error_message
332 fi
333
334 # Make sure that none of the daemons outside of SMF are running either
335 pkill kadmind
336 if [[ $? -gt 1 ]]; then
337 printf "\n$(gettext "Error in killing kadmind, exiting").\n"
338 error_message
339 fi
340 pkill krb5kdc
341 if [[ $? -gt 1 ]]; then
342 printf "\n$(gettext "Error in killing krb5kdc, exiting").\n"
343 error_message
344 fi
345 pkill kpropd
346 if [[ $? -gt 1 ]]; then
347 printf "\n$(gettext "Error in killing kpropd, exiting").\n"
348 error_message
349 fi
350 }
351
352 function setup_mkeytab {
353
354 check_admin "\n$(gettext "Enter the krb5 administrative principal to be created"): \c"
355
356 if [[ -z $PWFILE ]]; then
357 echo
358 $KADMINL -q "ank $ADMIN_PRINC"
359 check_ret $? $KADMINL
360 else
361 cat $PWFILE $PWFILE | $KADMINL -q "ank $ADMIN_PRINC" > /dev/null 2>&1
362 check_ret $? $KADMINL
363 fi
364
365 $KADMINL -q "ank -randkey host/$fqhn" 1>$TMP_FILE 2>&1
366 check_ret $? $KADMINL
367 $KADMINL -q "ktadd host/$fqhn" 1>$TMP_FILE 2>&1
368 check_ret $? $KADMINL
369 }
370
371 function setup_skeytab {
372
373 check_admin "\n$(gettext "Enter the krb5 administrative principal to be used"): \c"
374
375 printf "$(gettext "Obtaining TGT for %s") ...\n" $ADMIN_PRINC
376
377 if [[ -z $PWFILE ]]; then
378 kinit -c $TMP_CCACHE -S kadmin/$master_hn $ADMIN_PRINC
379 check_ret $? kinit
380 else
381 cat $PWFILE | kinit -c $TMP_CCACHE -S kadmin/$master_hn \
382 $ADMIN_PRINC > /dev/null 2>&1
383 fi
384 klist -c $TMP_CCACHE 1>$TMP_FILE 2>&1
385 if egrep -s "$(gettext "Valid starting")" $TMP_FILE && \
386 egrep -s "kadmin/$master_hn@$REALM" $TMP_FILE; then
387 :
388 else
389 printf "\n$(gettext "kinit of %s failed, exiting").\n" $ADMIN_PRINC
390 error_message
391 fi
392
393 $KADMIN -c $TMP_CCACHE -q "ank -randkey kiprop/$fqhn" 1>$TMP_FILE 2>&1
394 check_ret $? $KADMIN
395 $KADMIN -c $TMP_CCACHE -q "ktadd kiprop/$fqhn" 1>$TMP_FILE 2>&1
396 check_ret $? $KADMIN
397
398 $KADMIN -c $TMP_CCACHE -q "ank -randkey host/$fqhn" 1>$TMP_FILE 2>&1
399 check_ret $? $KADMIN
400 $KADMIN -c $TMP_CCACHE -q "ktadd host/$fqhn" 1>$TMP_FILE 2>&1
401 check_ret $? $KADMIN
402
403 kdestroy -q -c $TMP_CCACHE 1>$TMP_FILE 2>&1
404 check_ret $? $kdestroy
405 }
406
407 function setup_kadm5acl {
408
409 printf "\n$(gettext "Setting up %s").\n" $KADM5ACL
410
411 if [[ -r $KADM5ACL ]]; then
412 cat $KADM5ACL > $KADM5ACL.sav
413 cannot_create $KADM5ACL.sav $?
414 fi
415
416 exec 3>$KADM5ACL
417 if [[ $? -ne 0 ]]; then
418 printf "\n$(gettext "Cannot write to %s, exiting").\n" $KADM5ACL
419 error_message
420 fi
421
422 if [[ $master = yes ]]; then
423 printf "\n$ADMIN_PRINC@$REALM\t\tacmil\n" 1>&3
424 printf "\nkiprop/*@$REALM\t\tp\n" 1>&3
425 else
426 printf "\n*/admin@___default_realm___\t\t*\n" 1>&3
427 fi
428 }
429
430 function setup_kpropdacl {
431
432 printf "\n$(gettext "Setting up %s").\n\n" $KPROPACL
433
434 if [[ -r $KPROPACL ]]; then
435 cat $KPROPACL > $KPROPACL.sav
436 cannot_create $KPROPACL.sav $?
437 fi
438
439 exec 3>$KPROPACL
440 if [[ $? -ne 0 ]]; then
441 printf "\n$(gettext "Cannot write to %s, exiting").\n" $KPROPACL
442 error_message
443 fi
444 printf "\nhost/$master_hn@$REALM\n" 1>&3
445 }
446
447 function setup_master {
448
449 # create principal DB (KDB)
450 if [[ -z $PWFILE ]]; then
451 echo
452 kdb5_util create
453 check_ret $? kdb5_util
454 else
455 cat $PWFILE $PWFILE | kdb5_util create > /dev/null
456 check_ret $? kdb5_util
457 fi
458
459 setup_mkeytab
460 setup_kadm5acl
461
462 $SVCADM enable -r -s krb5kdc
463 $SVCADM enable -r -s kadmin
464 }
465
466 function setup_slave {
467
468 integer count=1
469
470 setup_skeytab
471
472 # Clear the kadm5acl, since the start methods look at this file
473 # to see if the server has been configured as a master server
474 setup_kadm5acl
475
476 setup_kpropdacl
477
478 $SVCADM enable -r -s krb5_prop
479
480 # Wait for full propagation of the database, in some environments
481 # this could take a few seconds
482 while [[ ! -f /var/krb5/principal ]]; do
483 if [[ count -gt $LOOPCNT ]]; then
484 printf "\n$(gettext "Could not receive updates from the master").\n"
485 error_message
486 ((count = count + 1))
487 fi
488 printf "$(gettext "Waiting for database from master")...\n"
489 sleep $SLEEPTIME
490 done
491
492 # The database is propagated now we need to create the stash file
493 if [[ -z $PWFILE ]]; then
494 kdb5_util stash
495 check_ret $? kdb5_util
496 else
497 cat $PWFILE | kdb5_util stash > /dev/null 2>&1
498 check_ret $? kdb5_util
499 fi
500
501 $SVCADM enable -r -s krb5kdc
502 }
503
504 function kdb5_destroy {
505 typeset status=0
506 typeset arg=
507
508 [[ -n $REALM ]] && arg="-r $REALM"
509 printf "$(gettext "yes")\n" | kdb5_util $arg destroy > /dev/null 2>&1
510
511 status=$?
512 [[ $status -eq 0 ]] && return $status
513
514 # Could mean that the admin could have already removed part of the
515 # configuration. Better to check to see if anything else should be
516 # destroyed. We check by looking at any other stash files in /var/krb5
517 stashfiles=`ls $STASH`
518 for stash in $stashfiles
519 do
520 realm=${stash#*.k5.}
521 [[ -z $realm ]] && continue
522
523 printf "$(gettext "Found non-default realm: %s")\n" $realm
524 query "$(gettext "Do you wish to destroy realm"): $realm ?"
525 if [[ $answer == yes ]]; then
526 printf "$(gettext "yes")\n" | kdb5_util -r $realm destroy > /dev/null 2>&1
527 status=$?
528 if [[ $status -ne 0 ]]; then
529 printf "$(gettext "Could not destroy realm: %s")\n" $realm
530 return $status
531 fi
532 else
533 printf "$(gettext "%s will not be destroyed").\n" $realm
534 status=0
535 fi
536 done
537
538 return $status
539 }
540
541 function destroy_kdc {
542 typeset status
543
544 # Check first to see if this is an existing KDC or server
545 if [[ -f $KRB5KT || -f $PRINCDB || -f $OLDPRINCDB ]]
546 then
547 if [[ -z $PWFILE ]]; then
548 printf "\n$(gettext "Some of the following files are present on this system"):\n"
549 echo "\t$KRB5KT\n\t$PRINCDB\n\t$OLDPRINCDB\n\t$STASH\n"
550 if [[ -z $d_option ]]; then
551 printf "$(gettext "You must first run 'kdcmgr destroy' to remove all of these files before creating a KDC server").\n\n"
552 cleanup 1
553 else
554 ok_to_proceed "$(gettext "All of these files will be removed, okay to proceed?")"
555 fi
556 fi
557 else
558 if [[ -n $d_option ]]; then
559 printf "\n$(gettext "No KDC related files exist, exiting").\n\n"
560 cleanup 0
561 fi
562 return
563 fi
564
565 kdb5_destroy
566 status=$?
567
568 rm -f $KRB5KT
569
570 [[ $status -ne 0 ]] && cleanup 1
571 }
572
573 function kadm5_acl_configed {
574
575 if [[ -s $KADM5ACL ]]; then
576 grep -v '^[ ]*#' $KADM5ACL | \
577 egrep '_default_realm_' > /dev/null 2>&1
578 if [[ $? -gt 0 ]]; then
579 return 0
580 fi
581 fi
582
583 return 1
584 }
585
586 function status_kdc {
587
588 integer is_master=0
589
590 printf "\n$(gettext "KDC Status Information")\n"
591 echo "--------------------------------------------"
592 svcs -xv svc:/network/security/krb5kdc:default
593
594 if kadm5_acl_configed; then
595 is_master=1
596 printf "\n$(gettext "KDC Master Status Information")\n"
597 echo "--------------------------------------------"
598 svcs -xv svc:/network/security/kadmin:default
599 else
600 printf "\n$(gettext "KDC Slave Status Information")\n"
601 echo "--------------------------------------------"
602 svcs -xv svc:/network/security/krb5_prop:default
603 fi
604
605 printf "\n$(gettext "Transaction Log Information")\n"
606 echo "--------------------------------------------"
607 /usr/sbin/kproplog -h
608
609 printf "$(gettext "Kerberos Related File Information")\n"
610 echo "--------------------------------------------"
611 printf "$(gettext "(will display any missing files below)")\n"
612 FILELIST="$KRB5_KDC_CONF $KRB5_KRB_CONF $KADM5ACL $KRB5KT $PRINCDB "
613 for file in $FILELIST; do
614 if [[ ! -s $file ]]; then
615 printf "$(gettext "%s not found").\n" $file
616 fi
617 done
618 if [[ $is_master -eq 0 && ! -s $KPROPACL ]]; then
619 printf "$(gettext "%s not found").\n" $KPROPACL
620 fi
621
622 test ! -s $STASH &&
623 printf "$(gettext "Stash file not found") (/var/krb5/.k5.*).\n"
624 echo
625
626 cleanup 0
627 }
628
629 # Start of Main script
630
631 typeset -u REALM
632 typeset -l host
633 typeset -l fqhn
634
635 # Defaults
636 KRB5_KDC_CONF=/etc/krb5/kdc.conf
637 KRB5_KRB_CONF=/etc/krb5/krb5.conf
638 KADM5ACL=/etc/krb5/kadm5.acl
639 KPROPACL=/etc/krb5/kpropd.acl
640
641 KRB5KT=/etc/krb5/krb5.keytab
642 PRINCDB=/var/krb5/principal
643 OLDPRINCDB=/var/krb5/principal.old
644 STASH=/var/krb5/.k5.*
645
646 KADMINL=/usr/sbin/kadmin.local; check_bin $KADMINL
647 KADMIN=/usr/sbin/kadmin; check_bin $KADMIN
648 KDCRES=/usr/lib/krb5/klookup; check_bin $KDCRES
649 SVCADM=/usr/sbin/svcadm; check_bin $SVCADM
650 PING=/usr/sbin/ping; check_bin $PING
651
652 ENCTYPE=aes128-cts-hmac-sha1-96
653 LOOPCNT=10
654 SLEEPTIME=5
655
656 if [[ -x /usr/bin/mktemp ]]; then
657 TMP_FILE=$(/usr/bin/mktemp /etc/krb5/krb5tmpfile.XXXXXX)
658 TMP_CCACHE=$(/usr/bin/mktemp /etc/krb5/krb5tmpccache.XXXXXX)
659 else
660 TMP_FILE="/etc/krb5/krb5tmpfile.$$"
661 TMP_CCACHE="/etc/krb5/krb5tmpccache.$$"
662 fi
663
664 if [[ ! -f /etc/resolv.conf ]]; then
665 printf "$(gettext "Error: need to configure /etc/resolv.conf").\n"
666
667 cleanup 1
668 fi
669
670 fqhn=`$KDCRES`
671 if [[ -n "$fqhn" ]]; then
672 :
673 elif [[ -n $(hostname) && -n $(domainname) ]]; then
674 fqhn=$(hostname|cut -f1 -d'.').$(domainname|cut -f2- -d'.')
675 else
676 printf "$(gettext "Error: can not determine full hostname (FQHN). Aborting")\n"
677 printf "$(gettext "Note, trying to use hostname and domainname to get FQHN").\n"
678
679 cleanup 1
680 fi
681
682 ping_check $fqhn
683
684 domain=${fqhn#*.} # remove host part
685
686 exitmsg=`printf "$(gettext "Exiting...")"`
687
688 trap "echo $exitmsg; rm -f $TMP_FILE $TMP_CCACHE; exit 1" HUP INT QUIT TERM
689
690 while getopts :a:e:hp:r:s flag
691 do
692 case "$flag" in
693 a) ADMIN_PRINC=$OPTARG;;
694 e) ENCTYPE=$OPTARG;;
695 h) usage;;
696 p) PWFILE=$OPTARG
697 if [[ ! -r $PWFILE ]]; then
698 printf "\n$(gettext "Password file %s does not exist, exiting").\n\n" $PWFILE
699 cleanup 1
700 fi
701 ;;
702 r) REALM=$OPTARG;;
703 *) usage;;
704 esac
705 done
706 shift $(($OPTIND - 1))
707
708 case "$*" in
709 create) master=yes;;
710 "create master") master=yes;;
711 "create -m "*) host=$3
712 checkval="MASTER"; check_value $host
713 check_host
714 master_hn=$host
715 if [[ $4 != slave ]]; then
716 usage
717 fi;&
718 "create slave") slave=yes;;
719 destroy) d_option=yes
720 kill_daemons
721 destroy_kdc
722 cleanup 0;;
723 status) status_kdc;;
724 *) usage;;
725 esac
726
727 kill_daemons
728
729 printf "\n$(gettext "Starting server setup")\n"
730 printf "---------------------------------------------------\n"
731
732 # Checks for existing kdb and destroys if desired
733 destroy_kdc
734
735 if [[ -z $REALM ]]; then
736 printf "$(gettext "Enter the Kerberos realm"): \c"
737 read REALM
738 checkval="REALM"; check_value $REALM
739 fi
740
741 if [[ -z $master && -z $slave ]]; then
742 query "$(gettext "Is this machine to be configured as a master?"): \c"
743 master=$answer
744
745 if [[ $answer = no ]]; then
746 query "$(gettext "Is this machine to be configured as a slave?"): \c"
747 slave=$answer
748 if [[ $answer = no ]]; then
749 printf "\n$(gettext "Machine must either be a master or a slave KDC server").\n"
750 error_message
751 fi
752 fi
753 fi
754
755 if [[ $slave = yes && -z $master_hn ]]; then
756 printf "$(gettext "What is the master KDC's host name?"): \c"
757 read host
758 checkval="MASTER"; check_value $host
759 check_host
760 master_hn=$host
761 fi
762
763 setup_kdc_conf
764
765 setup_krb_conf
766
767 if [[ $master = yes ]]; then
768 setup_master
769 else
770 setup_slave
771 fi
772
773 printf "\n---------------------------------------------------\n"
774 printf "$(gettext "Setup COMPLETE").\n\n"
775
776 cleanup 0
unleashed repo fork