kclient.sh revision 7c478bd95313f5f23a4c958a745db2134aa03244
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# This script is used to set up the Kerberos client by
# supplying information about the Kerberos realm and KDC.
#
# A krb5.conf file is generated and the local host's keytab file is set up.
# The script can also optionally set up the system to do kerberized NFS and
# bring over a master krb5.conf copy from a specified location.
# Error-exit fragment (the enclosing function header is not visible on this
# page): the temporary credential cache is destroyed before the script exits
# with status 1, and kdestroy's output is sent to $TMP_FILE.
# NOTE(review): $TMP_CCACHE and $TMP_FILE are expanded unquoted; quoting
# them keeps a path with whitespace from splitting into several arguments.
kdestroy -q -c $TMP_CCACHE 1>$TMP_FILE 2>&1
printf "---------------------------------------------------\n"
exit 1
}
typeset filename="$1"
typeset stat="$2"
fi
}
if [ -r $NFSSEC_FILE ]; then
fi
fi
}
typeset svc="$1"
# Reset conditional vars to 1
# kadmin subcommand strings for this service principal, built by plain
# string interpolation of $service_princ.
# NOTE(review): how $service_princ is assembled and how these strings reach
# kadmin is not visible here; confirm the value cannot carry whitespace or
# quoting that would change the subcommand.
getprincsubcommand="getprinc $service_princ"
anksubcommand="addprinc -randkey $service_princ"
ktaddsubcommand="ktadd $service_princ"
# bool1/bool2 presumably record the exit status of commands that are not
# visible on this page.
bool1=$?
bool2=$?
# $service_princ and $REALM are interpolated into an extended regular
# expression, so "." and other metacharacters in them act as pattern syntax
# and the match is looser than a literal comparison with kadmin's message;
# a fixed-string match (fgrep) would compare the text literally.
egrep -s "add_principal: Principal or policy already exists while creating \"$service_princ@$REALM\"." $TMP_FILE
# bool3 holds the exit status of the egrep above.
bool3=$?
bool4=$?
else
fi
else
fi
if [ $? -eq 0 ]; then
else
if [ $? -ne 0 ]; then
else
fi
fi
done
}
# Fragment of the krb5.conf writer (function header not visible on this page).
# NOTE(review): $KRB5_CONFIG_FILE is expanded unquoted in the test and in the
# redirection below.
if [ -r $KRB5_CONFIG_FILE ]; then
fi
# From here on the shell's stdout is the krb5.conf file, so every printf
# below writes configuration text rather than terminal output.
exec > $KRB5_CONFIG_FILE
if [ $? -ne 0 ]; then
fi
printf "[libdefaults]\n"
printf "\n[domain_realm]\n"
# $client_machine and $REALM are placed inside the printf FORMAT string, so
# any "%" or backslash sequence in them is interpreted by printf and can add
# or alter lines in krb5.conf. REALM can come straight from "read REALM"
# later in this script. Passing the values as arguments avoids that:
#   printf '\t%s = %s\n' "$client_machine" "$REALM"
printf "\t$client_machine = $REALM\n"
else
printf "\n[realms]\n"
printf "\t}\n\n"
else
printf "\n\n"
fi
fi
else
printf "[realms]\n"
printf "\t}\n\n"
printf "[domain_realm]\n"
# Same format-string concern as the [domain_realm] entry written above.
printf "\t$client_machine = $REALM\n"
fi
printf "[logging]\n"
#
# return output to TTY
#
}
# Prompt fragment (function header not visible on this page): prints the
# question with its default answer and reads the reply into $answer.
question=$1
else
# $question and $default_answer are part of the printf format string; a "%"
# in either would be taken as a conversion. Passing them as %s arguments
# keeps the prompt text literal.
printf "$question [$default_answer]: \c"
fi
# "read" without -r treats backslashes in the reply as escape characters.
read answer
}
typeset question="$1"
answer=""
esac
done
}
yesno "$*"
fi
}
typeset file="$1"
do
fi
;;
fi
;;
checkval="ADMIN_PRINC"
fi
;;
fi
;;
else
fi
fi
;;
checkval="DNS_OPTIONS"
fi
;;
checkval="FQDN"
fi
;;
esac
done <$file
else
fi
}
typeset machine="$1"
typeset string="$2"
:
else
fi
# Output timesync warning if not using a profile, i.e. in
# interactive mode.
# It's difficult to sync up time with KDC esp. if in a
# zone so just print a warning about KDC time sync.
printf "\n$(gettext "Note, this system and the KDC's time must be within 5 minutes of each other for Kerberos to function. Both systems should run some form of time synchronization system like Network Time Protocol (NTP)").\n"
fi
}
typeset arg="$1"
else
fi
fi
}
typeset arg="$1"
else
else
fi
fi
}
integer count=1
else
else
fi
ping_check $fullhost "System"
:
else
fi
else
break
fi
done
fi
}
printf "\n$(gettext "Usage: kclient [ -n ] [ -R realm ] [ -k kdc ] [ -a adminuser ] [ -c filepath ] [ -d dnsarg ] [ -f fqdn_list ] [ -p profile ]")\n\n"
}
###########################
# Main section #
###########################
#
#
dns_lookup="no"
ask_fqdns="no"
checkval=""
profile=""
# Set OS release level to Solaris 10, in order to track the requirement
else
# Fallback names for the scratch file and the temporary credential cache.
# They are derived from the shell's PID ($$), so the paths are predictable.
# NOTE(review): that is only safe while /etc/krb5 is writable by root alone
# and nothing pre-exists at these paths - confirm; the branch of this
# if/else that precedes "else" is not visible on this page. Creating the
# files with mktemp under a restrictive umask avoids relying on that.
TMP_FILE="/etc/krb5/krb5tmpfile.$$"
TMP_CCACHE="/etc/krb5/krb5tmpccache.$$"
fi
# Abort when either name ended up empty.
if [[ -z "$TMP_FILE" || -z "$TMP_CCACHE" ]]; then
exit 1
fi
#
# If we are interrupted, cleanup after ourselves
#
export PATH
else
exit 1
fi
else
exit 1
fi
printf "---------------------------------------------------\n"
#
# Check for uid 0, disallow otherwise
#
if [ $? -eq 0 ]; then
# uid is 0, go ahead ...
:
else
fi
else
fi
#
# Check for /etc/resolv.conf
#
if [ -r $RESOLV_CONF_FILE ]; then
do
domain) # Copy the entry into $fqdn
if [ -z "$text" ]; then
fi
break
;;
esac
done <$RESOLV_CONF_FILE
if [ -z "$fqdn" ]; then
fi
else
#
# /etc/resolv.conf not present, exit ...
#
fi
#
# Process the command-line arguments (if any)
#
OPTIND=1
do
;;
;;
;;
;;
;;
;;
;;
;;
\?) usage
;;
*) usage
;;
esac
done
#correct argument count after options
if [ -z "$options" ]; then
:
else
if [ $# -ne 0 ]; then
fi
fi
if [ -z "$dnsarg" ]; then
printf "\n$(gettext "Valid DNS lookup options are dns_lookup_kdc, dns_lookup_realm\nand dns_fallback. Refer krb5.conf(4) for further details").\n"
read dnsarg
fi
else
fi
if [ -z "$REALM" ]; then
read REALM
fi
if [ -z "$KDC" ]; then
read KDC
fi
# do nothing, KDC is in fqdn format
:
echo "$KDC"
else
else
# Attach fqdn to KDC, to get the Fully Qualified Domain Name
# of the KDC requested
fi
fi
#
# Ping to see if the kdc is alive !
#
#
# Start writing up the krb5.conf file, save the existing one
# if already present
#
#
# Done creating krb5.conf, so now we ...
#
# 1. kinit with ADMIN_PRINC
#
if [ -z "$ADMIN_PRINC" ]; then
read ADMIN_PRINC
fi
echo "$ADMIN_PRINC">$TMP_FILE
# Already in "/admin" format, do nothing
:
else
else
fi
fi
:
else
fi
#
# other than the one listed in resolv.conf(4) ?
#
if [ -z "$options" ]; then
echo
if [ "$ask_fqdns" = yes ]; then
read fqdnlist
else
fi
else
if [ -z "$fqdnlist" ]; then
fi
fi
#
#
echo
if [ -z "$options" ]; then
fi
echo; call_kadmin nfs
#
# Check to see if the system is a pre-S10 system which would
#
echo; call_kadmin root
fi
fi
# Add the host entry to the keytab
echo; call_kadmin host
#
# 4. Copy over krb5.conf master copy from filepath
#
# Step 4 fragment: when $options is empty the path of a master krb5.conf is
# read from stdin; an empty $filepath skips the copy.
# NOTE(review): the prompt and the copy command are not visible on this page.
# krb5.conf decides which KDCs this host talks to, so the source path should
# be a location that only trusted administrators can write - confirm how the
# copy is performed and whether the copied file is checked before it is used.
if [ -z "$options" ]; then
echo
# "read" without -r treats backslashes in the typed path as escape characters.
read filepath
fi
fi
if [ -z "$filepath" ]; then
:
else
# $filepath is expanded unquoted: a path containing whitespace splits into
# several words and the test fails with an error instead of checking the
# file. [ -r "$filepath" ] tests the path as typed.
if [ -r $filepath ]; then
if [ $? -eq 0 ]; then
else
fi
else
fi
fi
printf "\n---------------------------------------------------\n"
#
# 5. Cleanup, please !
#
exit 0