Kerberos Principals
Fredrik Tolf
fredrik at dolda2000.com
Wed Dec 21 13:22:23 EST 2005
On Wed, 2005-12-21 at 14:38 +0200, Amir Saad wrote:
> i'm replacing the NIS with LDAP and Kerberos, the question is , is there any way to automate the creation of the principals? do i have to add a pricipal for each user in my current system or there is a tool (like ldap migration) that can do that?
Is any tool other than kadmin needed? I don't know about your specific
situtation, but I'd do it with a shell command, like this:
ypcat passwd | while IFS=: read name rest; do
password=$(dd if=/dev/random bs=3 count=2 2>/dev/null | encode-base64)
kadmin -c "$KRB5CCNAME" -q "ank -pw $password $name"
echo "$name $password" >>/tmp/newpasswords
done
That requires your ccache to have a valid kadmin service ticket, though.
Get it with a command like "kinit -S kadmin/admin yourname/admin".
It also requires a base64 encoding program. The one I used comes from
Perl's MIME-Base64 module.
I don't know if there might be anything wrong with this way of doing it,
but in that case, I can't think of any.
Hope it helps.
Fredrik Tolf
More information about the Kerberos
mailing list