Geek Answers Handbook

Script Kerberos Ktutil for creating keytabs

I want to create a script that will generate keytab using ktutil. When running the script, I want to use [user] $ script.sh PASSWORD

#script.sh echo "addent -password -p PRINCIPAL -k 1 -e aes256-cts-hmac-sha1-96" | ktutil

Ktutil, why do I need a password, here I want to use the PASSWORD argument above. How can I pass the password check?

+7
bash passwords pipe kerberos keytab
source share
3 answers

With GNU bash:

 user="PRINCIPAL" pass="topsecret" printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user.keytab" | ktutil printf "%b" "read_kt $user.keytab\nlist" | ktutil

Output:

  slot KVNO Principal
 ---- ---- ------------------------------------------ ---------------------------
    1 1 PRINCIPAL@YOURDOMAIN
+10
source share

Python version

https://github.com/Tagar/stuff/blob/master/keytab.py

the password for ktutil passwords in the shell is not protected, as the password will be displayed in the process list.

Since these Python scripts simply interact with ktutil using the pexpect library, you can implement the same thing as a pure shell script using expect .

Hope this helps.

+1
source share

To create several default keys and hbase, pipe, hdfs keytab keys at the same time, you can run below script that I just created:

 #!/bin/bash read -p "Please enter space-delimited list of ORGS to create: " NEW_ORGS clear #echo "################# CREATE KEYTABS ############################" #echo "" kdestroy for i in $NEW_ORGS do printf "%b" "addent -password -p ${i} -k 1 -e aes256-cts-hmac-sha1-96\n${i}\nwrite_kt ${i}.keytab" | ktutil printf "%b" "read_kt ${i}.keytab\nlist" | ktutil done echo "" if [ ! -e /home/eip/.keytabs/hbase.keytab ] then printf "%b" "addent -password -p hbase -k 1 -e aes256-cts-hmac-sha1-96\nhbase\nwrite_kt hbase.keytab" | ktutil printf "%b" "read_kt hbase.keytab\nlist" | ktutil fi exit 0
+1
source share

More articles:


All Articles