aboutsummaryrefslogtreecommitdiff
path: root/lib/60-kerberos
diff options
context:
space:
mode:
Diffstat (limited to 'lib/60-kerberos')
-rw-r--r--lib/60-kerberos51
1 files changed, 51 insertions, 0 deletions
diff --git a/lib/60-kerberos b/lib/60-kerberos
new file mode 100644
index 0000000..a323e94
--- /dev/null
+++ b/lib/60-kerberos
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+_boxconf_kadmin() {
+ case $BOXCONF_OS in
+ freebsd) _boxconf_kadmin=/usr/local/bin/kadmin ;;
+ *) _boxconf_kadmin=kadmin ;;
+ esac
+
+ "$_boxconf_kadmin" -p "$boxconf_username" -w "$boxconf_password" "$@"
+}
+
+_boxconf_kinit(){
+ case $BOXCONF_OS in
+ freebsd) /usr/local/bin/kinit "$@" ;;
+ *) kinit "$@" ;;
+ esac
+}
+
+add_principal(){
+ # Create a kerberos principal, if it doesn't already exist.
+ # Arguments are the same as MIT kadmin' add_principal.
+ # Final argument must be the principal name.
+ eval "_kap_princ=\$$#"
+ _boxconf_kadmin get_principal "$_kap_princ" \
+ || _boxconf_kadmin add_principal "$@"
+}
+
+ktadd(){
+ # Add a principal's keys to a keytab.
+ # Arguments are the same as MIT kadmin's ktadd.
+ _kkta_ktarg=false
+ _kkta_keytab=/etc/krb5.keytab
+ eval "_kkta_princ=\$$#"
+
+ # Extract the keytab argument from $@.
+ for _kkta_arg; do
+ if [ "$_kkta_ktarg" = true ]; then
+ _kkta_keytab=$_kkta_arg
+ break
+ else
+ case $_kkta_arg in
+ -k|-keytab) _kkta_ktarg=true ;;
+ esac
+ fi
+ done
+
+ # Check if we can kinit with the keytab. If not, get fresh keys.
+ if ! _boxconf_kinit -kt "$_kkta_keytab" -c MEMORY: "$_kkta_princ" 2>/dev/null; then
+ _boxconf_kadmin ktadd "$@"
+ fi
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 07:28:42 -0500