setup_testsuite revision 5739
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
# See the License for the specific language governing permissions
# and limitations under the License.
# When distributing Covered Code, include this CDDL HEADER in each
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
# Run this command as root to set up for sasl testsuite
# creates a standard set of sasl users and makes them principals
 *)
echo "Architecture unknown"
# realm used as default, edit if a different realm is desired.
# realm for cross-realm auth.
# password for all principals not added to keytab
# Set this to the ID that is allowed to run kadmin
# Be default you would do: "kadmin -p kdc/admin" and use the passwd above.
# should be null if seting up master kdc
 -f: Force answer yes (non-interactive mode). Use with caution as
 this script will delete existing KDB.
 # ask question, set global answer
 # answer is a global set by ask
 echo "Exiting, no action performed"
################################ Start of Main script #########################
 print -
u2 "Error: $me must be run as root. aborting..."
# Check for the testsuites we need
 echo "One or more packages failed to install"
 print -
u2 "Error: ping full hostname ${fqdn} failed. Aborting..."
trap "echo 'A command failed, aborting.'; exit 1" ERR
trap -
ERR # in kdcmgr destroy fails, run it again
print "Existing KDC config destroyed."
trap "echo 'A command failed, aborting.'; exit 1" ERR
# Note, this next section is adding various service principals local to
# this system. If you have servers running on other systems, edit this
# section to add the services using the FQDN hostnames of those systems
# and ouput the keytab to a non-default filename.
# You will then either copy the non-default filename created on the
# system you ran this script on or login to the other system and do a
# addprincs if not in slave mode
 # add service to KDC's keytab
 # add service to $host's keytab
 # Optional, Add service principals on KDC
 # randomizes the key anyway so use the -randkey option for addprinc).
 # "tester" needed for setup
fi # addprincs if not in slave mode
# turn off err trap because svcadm below may return an unimportant error
Error, the krb5kdc daemon did not start. You will not be able to do Kerberos
authentication. Check your kerberos config and rerun this script.
if [[ -z $master_kdc ]] && ! svcadm enable -s svc:/network/security/kadmin:default
 svcs -x svc:/network/security/kadmin:default
Error, the kadmind daemon did not start. You will not be able to change
passwords or run the kadmin command. Make sure /etc/krb5/kadm5.acl is
configured properly and rerun this script.
if ! svcadm enable -s svc:/network/rpc/gss:default
 svcs -x svc:/network/rpc/gss:default
Error, the gss service did not start. You will not be able to do nfssec with sec=krb5*
tmpccache=$(/usr/bin/mktemp /tmp/ccache_XXXXXX)
[[ -n $tmpccache ]] || exit 1
if ! print "$passwd" | kinit -c $tmpccache tester
 print -u2 "Warning, kinit for tester princ failed, kdc setup is not working!"
 print "\nRun the following commands to transfer generated keytabs:"
 print ${kt_transfer_command[i]}