File: //usr/bin/k5srvutil
#!/bin/sh
# list_princs keytab
# returns a list of principals in the keytab
# sorted and uniquified
list_princs() {
klist -k $keytab | awk '(NR > 3) {print $2}' | sort | uniq
}
set_command() {
if [ x$command != x ] ; then
cmd_error Only one command can be specified
usage
exit 1
fi
command=$1
}
#interactive_prompt prompt princ
# If in interactive mode return true if the principal should be acted on
# otherwise return true all the time
interactive_prompt() {
if [ $interactive = 0 ] ; then
return 0
fi
printf "%s for %s? [yn]" "$1" "$2"
read ans
case $ans in
n*|N*)
return 1
;;
esac
return 0
}
cmd_error() {
echo $@ 2>&1
}
usage() {
echo "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold"
}
change_key() {
princs=`list_princs `
for princ in $princs; do
if interactive_prompt "Change key " $princ; then
kadmin -k -t $keytab -p $princ -q \
"ktadd -k $keytab $keysalts $princ"
fi
done
}
delete_old_keys() {
princs=`list_princs `
for princ in $princs; do
if interactive_prompt "Delete old keys " $princ; then
kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old"
fi
done
}
delete_keys() {
interactive=1
princs=`list_princs `
for princ in $princs; do
if interactive_prompt "Delete all keys " $princ; then
kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all"
fi
done
}
keytab=/etc/krb5.keytab
interactive=0
keysalts=""
while [ $# -gt 0 ] ; do
opt=$1
shift
case $opt in
"-f")
keytab=$1
shift
;;
"-i")
interactive=1
;;
"-e")
keysalts="$keysalts -e \"$1\""
shift
;;
change|delold|delete|list)
set_command $opt
;;
*)
cmd_error Illegal option: $opt
usage
exit 1
;;
esac
done
case $command in
change)
change_key
;;
delold)
delete_old_keys
;;
delete)
delete_keys
;;
list)
klist -k $keytab
;;
*)
usage
;;
esac