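#!/bin/bash
# Bring up a throwaway MIT Kerberos KDC for the test-suite, run a command
# against it and tear everything (KDC process, database, keytabs) down again.
#
# Usage: init_krb5.sh TARGET_DIR CMD...
#   TARGET_DIR  directory created for the KDC state; it must not exist yet,
#               because it is removed recursively on exit
#   CMD...      command run once the KDC is listening; when the Kerberos
#               utilities are not installed it is exec'd directly instead
set -e

# krb5kdc, kdb5_util and kadmin.local normally live in a sbin directory that
# an unprivileged user's PATH does not include.  Look there too, but only for
# the lookup itself: CMD... still runs with the caller's PATH.  Prints the
# resolved path or nothing.
locate_tool() {
  ( PATH="${PATH}:/usr/sbin:/sbin:/usr/local/sbin"; command -v "$1" ) || true
}
KRB5KDC=$(locate_tool krb5kdc)
KDB5_UTIL=$(locate_tool kdb5_util)
KADMIN=$(locate_tool kadmin.local)

if [ $# -lt 2 ]; then
  echo "Usage $0 TARGET_DIR CMD..." >&2
  exit 1
fi
WRK_DIR=$1
shift

# Check installed packages.  Without them the command still runs, but none of
# the KRB5_* variables set further down are exported, so there is no KDC to
# talk to.  "$@" keeps arguments with spaces intact.
if [ -z "${KRB5KDC}" ] || [ -z "${KDB5_UTIL}" ] || [ -z "${KADMIN}" ]; then
  echo "Missing Kerberos utilities, skipping environment setup." >&2
  exec "$@"
fi

# Refuse a pre-existing path: the EXIT handler installed later does
# `rm -rf` on WRK_DIR, so it must be a directory this script created itself.
if [ -e "${WRK_DIR}" ]; then
  echo "Working directory ${WRK_DIR} already exists!" >&2
  exit 1
fi
# Absolute path, so the cleanup handler is independent of the current
# directory of whatever CMD... does.
WRK_DIR=$(readlink -f "${WRK_DIR}")
KDC_DIR="${WRK_DIR}/krb5kdc"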
###############################################################################
# Cleanup handlers
# Print the last 50 lines of every *.log file in KDC_DIR (krb5kdc, krb5libs
# and kadmind logs according to the generated krb5.conf), each preceded by a
# "==> file <==" header.  Installed as the ERR trap so a failing step leaves
# the KDC's view of events in the test output.
kdclogs() {
  local -a logs=("${KDC_DIR}"/*.log)
  printf '%s\n' "Kerberos environment logs:"
  tail -v -n50 "${logs[@]}"
}
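# EXIT handler: stop the KDC started by this script (if its pid file exists)
# and remove the whole working directory, which holds the principal database,
# the master-key stash and the client/server keytabs.
#
# The script runs under `set -e`, so a failing `kill` (KDC already exited,
# stale or empty pid file) must be tolerated explicitly; otherwise the handler
# would stop before the `rm` and leave the key material on disk.
killkdc() {
  local pidfile="${KDC_DIR}/kdc.pid"
  local pid
  if [ -e "${pidfile}" ]; then
    pid=$(cat "${pidfile}" 2>/dev/null || true)
    echo "Terminating KDC server listening on ${KDC_PORT}..."
    kill -TERM "${pid}" 2>/dev/null \
      || echo "KDC process '${pid}' already gone, continuing cleanup" >&2
  fi
  # `:?` aborts instead of running `rm -vfr ''` should WRK_DIR ever be unset.
  rm -vfr "${WRK_DIR:?}"
}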
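# From here on every exit path (success, `set -e` failure, signal) removes the
# working directory; on failure the KDC logs are dumped first.
trap killkdc EXIT
trap kdclogs ERR
###############################################################################
# KRB5_TEST_ENV tells the tests where the KDC state (keytabs, krb5.conf) is.
# KRB5_CONFIG points the Kerberos libraries of the tools below and of CMD...
# at the generated configuration instead of the system-wide krb5.conf.
export KRB5_TEST_ENV=${WRK_DIR}
export KRB5_CONFIG=${WRK_DIR}/krb5.conf
# Unprivileged port in 1024..33791 (RANDOM is 0..32767).  Nothing checks that
# it is free; a collision makes krb5kdc fail to start, which `set -e` turns
# into a script failure with the logs printed.
KDC_PORT=$((RANDOM + 1024))
# The directory receives the principal database, the master-key stash and two
# keytabs: keep it readable by the invoking user only instead of relying on
# the caller's umask.
mkdir -vp -m 0700 "${WRK_DIR}"
mkdir -vp -m 0700 "${KDC_DIR}"
# Single config file for both client libraries and KDC: the [realms] entry
# carries the kdc.conf-style relations (database, stash, keytab, listen
# addresses).  The KDC binds 127.0.0.1 only, so the test realm is never
# reachable from other hosts.
cat <<EOF >"${WRK_DIR}/krb5.conf"
[logging]
default = FILE:${KDC_DIR}/krb5libs.log
kdc = FILE:${KDC_DIR}/krb5kdc.log
admin_server = FILE:${KDC_DIR}/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = KAZOOTEST.ORG
default_tkt_enctypes=aes128-cts-hmac-sha1-96
default_tgs_enctypes=aes128-cts-hmac-sha1-96
#default_ccache_name = KEYRING:persistent:%{uid}
[realms]
KAZOOTEST.ORG = {
database_name = ${KDC_DIR}/principal
admin_keytab = FILE:${KDC_DIR}/kadm5.keytab
key_stash_file = ${KDC_DIR}/stash
kdc_listen = 127.0.0.1:${KDC_PORT}
kdc_tcp_listen = 127.0.0.1:${KDC_PORT}
kdc = 127.0.0.1:${KDC_PORT}
kdc_ports = ${KDC_PORT}
kdc_tcp_ports = ""
default_domain = KAZOOTEST.ORG
}
[domain_realm]
.kazootest.org = KAZOOTEST.ORG
kazootest.org = KAZOOTEST.ORG
EOF
# Create the realm database.  kdb5_util reads the master password twice from
# stdin; with -s it also writes the stash file, so the password is never
# needed again and a one-off random value replaces the well-known one this
# script used to ship.  It goes through stdin rather than `-P` so it does not
# appear in `ps` or the shell history.
MASTER_PW=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
printf '%s\n%s\n' "${MASTER_PW}" "${MASTER_PW}" | "${KDB5_UTIL}" create -s
unset MASTER_PW
# One client principal and one service principal for the ZooKeeper server,
# each with a random key exported to its own keytab under WRK_DIR.
# -norandkey exports the key just generated instead of rotating it on ktadd.
# NOTE(review): the principal names below read "[email protected]", which looks
# like the e-mail obfuscation of the page this file was copied from; confirm
# the real `name@KAZOOTEST.ORG` values against the repository before use.
"${KADMIN}" <<EOF
add_principal -randkey [email protected]
ktadd -k ${WRK_DIR}/client.keytab -norandkey [email protected]
add_principal -randkey zookeeper/[email protected]
ktadd -k ${WRK_DIR}/server.keytab -norandkey zookeeper/[email protected]
quit
EOF
# Start the KDC.  krb5kdc goes into the background by itself and writes its
# pid to the -P file, which the EXIT handler uses to stop it.  KRB5_KDC_PROFILE
# points it at the generated file for the kdc.conf-style settings.  Nothing
# here waits for the KDC to be ready; if CMD... needs it immediately on start,
# consider polling the port first.
echo "Starting KDC listening on ${KDC_PORT}..."
KRB5_KDC_PROFILE=${KRB5_CONFIG} "${KRB5KDC}" \
  -P "${KDC_DIR}/kdc.pid" \
  -p "${KDC_PORT}" \
  -r KAZOOTEST.ORG
# Execute the next command.  Deliberately not `exec`: this shell must stay
# alive so the EXIT trap stops the KDC and deletes the key material once the
# command is done; `set -e` makes a failing command the script's exit status.
"$@"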