1#!/bin/sh 2 3# list_princs keytab 4# returns a list of principals in the keytab 5# sorted and uniquified 6list_princs() { 7 klist -k $keytab | awk '(NR > 3) {print $2}' | sort | uniq 8} 9 10set_command() { 11 if [ x$command != x ] ; then 12 cmd_error Only one command can be specified 13 usage 14 exit 1 15 fi 16 command=$1 17} 18 19#interactive_prompt prompt princ 20# If in interactive mode return true if the principal should be acted on 21# otherwise return true all the time 22interactive_prompt() { 23 if [ $interactive = 0 ] ; then 24 return 0 25 fi 26 printf "%s for %s? [yn]" "$1" "$2" 27 read ans 28 case $ans in 29 n*|N*) 30 return 1 31 ;; 32 esac 33 return 0 34 } 35 36cmd_error() { 37 echo $@ 2>&1 38 } 39 40usage() { 41 echo "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold" 42} 43 44 45 46change_key() { 47 princs=`list_princs ` 48 for princ in $princs; do 49 if interactive_prompt "Change key " $princ; then 50 kadmin -k -t $keytab -p $princ -q \ 51 "ktadd -k $keytab $keysalts $princ" 52 fi 53 done 54 } 55 56delete_old_keys() { 57 princs=`list_princs ` 58 for princ in $princs; do 59 if interactive_prompt "Delete old keys " $princ; then 60 kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old" 61 fi 62 done 63 } 64 65delete_keys() { 66 interactive=1 67 princs=`list_princs ` 68 for princ in $princs; do 69 if interactive_prompt "Delete all keys " $princ; then 70 kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all" 71 fi 72 done 73 } 74 75 76keytab=/etc/krb5.keytab 77interactive=0 78keysalts="" 79 80while [ $# -gt 0 ] ; do 81 opt=$1 82 shift 83 case $opt in 84 "-f") 85 keytab=$1 86 shift 87 ;; 88 "-i") 89 interactive=1 90 ;; 91 "-e") 92 keysalts="$keysalts -e \"$1\"" 93 shift 94 ;; 95 change|delold|delete|list) 96 set_command $opt 97 ;; 98 *) 99 cmd_error Illegal option: $opt 100 usage 101 exit 1 102 ;; 103 esac 104done 105 106 107case $command in 108 change) 109 change_key 110 ;; 111 delold) 112 delete_old_keys 113 ;; 114 delete) 115 delete_keys 116 ;; 117 list) 118 klist -k $keytab 119 ;; 120 *) 121 usage 122 ;; 123 esac 124