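#!/bin/sh
#
# kadmin.local - MIT kadmin.local command-line emulation for Heimdal.
#
# Accepts the MIT-style invocation
#     kadmin.local [-r realm] [-l] -q "command [flags] principal"
# and translates the commands handled below into calls to
# /usr/sbin/kadmin -l. Each request and its exit status is sent to syslog
# through logger(1).
#
# Security notes for maintainers:
#   * The -q text is caller-controlled. It is split into words and passed to
#     kadmin as an argument vector; it is never re-parsed by the shell (no
#     eval), so shell metacharacters in a principal name stay plain data.
#   * A principal beginning with '-' is refused so that kadmin cannot read it
#     as one of its own options.
#   * The complete command line is logged, so anything sensitive placed in
#     the -q string ends up in the system log.
#   * logger is resolved through PATH, while kadmin is called by absolute
#     path; run this script with a trusted PATH.

usage="usage: $0 [-r realm] [-l] [-q command] [--version]"

# Send one line to syslog. printf is used instead of echo so backslashes and
# a leading "-n" in caller-supplied text are logged literally.
log() {
  printf '%s\n' "$*" | logger
}

# Prepend attribute $1 to the comma-separated list kept in $mod.
add_attr() {
  mod="$1${mod:+,}${mod}"
}

# Exit 1 when flag $1 is not followed by a value. $2 is the number of words
# still unparsed, the flag included. Without this, "shift 2" fails on a
# trailing flag and a shell that does not abort on that failure loops forever.
need_value() {
  if [ "$2" -lt 2 ]; then
    log "kadmin.local: $1 requires a value"
    exit 1
  fi
}

# Exit 1 unless a usable principal follows. $1 is the short command name used
# in the log message; the remaining arguments are the words left after flag
# parsing, the first of which is taken as the principal.
need_principal() {
  if [ $# -lt 2 ]; then
    log "$1: no principal"
    exit 1
  fi
  case "$2" in
    -*)
      log "$1: refusing principal that looks like an option: $2"
      exit 1
      ;;
  esac
}

# Run /usr/sbin/kadmin -l with the given arguments, log the command and its
# exit status, and exit with that status. The arguments are passed through
# as-is; nothing is evaluated by the shell a second time.
run_kadmin() {
  log "kadmin.local: /usr/sbin/kadmin -l${realm:+ -r $realm} $*"
  /usr/sbin/kadmin -l ${realm:+-r} ${realm:+"$realm"} "$@"
  res=$?
  log "kadmin.local: $res"
  exit "$res"
}

log "kadmin.local $*"

cmd=""
realm=""
while [ $# -gt 0 ]; do
  case "$1" in
    -r|-q)
      if [ $# -lt 2 ]; then
        echo "$0: option $1 requires an argument"
        echo "$usage"
        exit 1
      fi
      if [ "$1" = "-r" ]; then
        realm=$2
      else
        cmd=$2
      fi
      shift 2
      ;;
    -l)
      # Accepted and ignored; kadmin is always run with -l below.
      shift
      ;;
    --version)
      echo "kadmin.local: heimdal MIT emulation glue"
      exit 0
      ;;
    -*)
      echo "$0: Bad option $1"
      echo "$usage"
      exit 1
      ;;
    *)
      break
      ;;
  esac
done

# Split the -q text into words. Pathname expansion is switched off first so
# that '*', '?' or '[' in the request are not expanded against the current
# directory. The unquoted expansion is deliberate.
set -f
# shellcheck disable=SC2086
set -- $cmd

case "$1" in
  add_principal)
    shift
    mod=''
    while [ $# -gt 0 ]; do
      case "$1" in
        +requires_preauth) add_attr "+requires-pre-auth"; shift ;;
        -allow_svr) add_attr "+disallow-svr"; shift ;;
        *) break ;;
      esac
    done
    need_principal add "$@"
    principal=$1

    # Byte length of the name; wc may pad its output with blanks.
    plen=$(printf '%s' "$principal" | wc -c | tr -d '[:space:]')
    log "principal: X${principal}X ${plen}"

    # A 40-byte name is treated as a BTMM hash user and is not created.
    # NOTE(review): the test is on length alone, and the caller is told the
    # request succeeded (exit 0) although no principal exists afterwards.
    if [ "$plen" = 40 ]; then
      log "Refusing to create a BTMM hash user for Heimdal"
      exit 0
    fi

    run_kadmin add --use-defaults --verbose \
      ${mod:+"--attributes=$mod"} "$principal"
    ;;

  modify_principal|modprinc)
    shift
    mod=''
    while [ $# -gt 0 ]; do
      case "$1" in
        +requires_preauth) add_attr "+requires-pre-auth"; shift ;;
        +allow_tix) add_attr "-disallow-all-tix"; shift ;;
        -allow_tix) add_attr "+disallow-all-tix"; shift ;;
        -allow_svr) add_attr "+disallow-svr"; shift ;;
        +needschange) add_attr "+requires-pw-change"; shift ;;
        -needschange) add_attr "-requires-pw-change"; shift ;;
        -certhash)
          # Not translated: the whole request is reported as successful
          # without calling kadmin, so attribute flags given earlier in the
          # same request are dropped as well.
          exit 0
          ;;
        -expire|-pwexpire|-policy)
          # Flag and value are consumed and otherwise ignored.
          need_value "$1" $#
          shift 2
          ;;
        *) break ;;
      esac
    done
    need_principal mod "$@"
    principal=$1

    if [ -z "$mod" ]; then
      log "kadmin.local: no mod changed"
      exit 0
    fi

    # NOTE(review): this issues "add", exactly as the add_principal arm does,
    # rather than a modify request; confirm that this is intended for an
    # already existing principal.
    run_kadmin add --use-defaults "--attributes=$mod" "$principal"
    ;;

  delete_principal)
    shift
    while [ $# -gt 0 ]; do
      case "$1" in
        -force) shift ;;
        *) break ;;
      esac
    done
    need_principal delete "$@"
    # NOTE(review): no kadmin call is made. The request is reported as
    # successful while the principal stays in the database, so a caller that
    # relies on deletion to revoke access is not actually revoking anything.
    exit 0
    ;;

  get_principal)
    shift
    arg=''
    while [ $# -gt 0 ]; do
      case "$1" in
        -terse) arg="--terse"; shift ;;
        *) break ;;
      esac
    done
    need_principal get "$@"
    # Take the principal from the remaining words, as the other arms do;
    # otherwise kadmin would be asked for an empty name.
    principal=$1
    run_kadmin get ${arg:+"$arg"} "$principal"
    ;;

  change_password)
    shift
    need_principal change_password "$@"
    principal=$1
    run_kadmin cpw "$principal"
    ;;

  delete_policy|add_policy)
    # Policies are not translated; accepted as a no-op.
    ;;

  *)
    echo "kadmin.local: unsupported command $*"
    log "kadmin.local: unsupported command: $*"
    exit 1
    ;;
esac
exit 0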
# Sample invocations, kept for reference only. They are never executed: the
# unconditional "exit 0" above ends the script before the shell reaches them.
# They show the calling convention this wrapper accepts (-r realm, then -q
# followed by the command, its flags and the principal) for modify_principal,
# delete_principal, add_principal and modprinc.
# lkdc is the realm passed to -r; certhash looks like a placeholder principal
# name (confirm before reusing these lines anywhere).
# NOTE(review): $lkdc and $certhash are unquoted here; quote them if these
# lines are ever turned into a real test.
lkdc=LKDC:SHA1.D0ED2D7ACBDDF64B63A50BC871D427A18F39646B
certhash=ABCEF0
kadmin.local -r $lkdc -q modify_principal +allow_tix user
kadmin.local -r $lkdc -q delete_principal -force $certhash
kadmin.local -r $lkdc -q delete_principal -force $certhash@$lkdc
kadmin.local -r $lkdc -q add_principal +requires_preauth -allow_svr $certhash
kadmin.local -r $lkdc -q modprinc +requires_preauth -certhash $certhash $certhash
kadmin.local -r $lkdc -q delete_principal -force foo