1#!/bin/sh
2
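# list_princs
# Print the principal names found in the keytab named by $keytab, one per
# line, sorted with duplicates removed.
# Globals:  keytab (read)
# Outputs:  principal names on stdout
list_princs() {
    # The first three lines of `klist -k` output are skipped as header and
    # the second column of every remaining line is taken as the principal.
    # $keytab is quoted so a path containing spaces or glob characters is
    # handed to klist as one argument.
    klist -k "$keytab" | awk 'NR > 3 { print $2 }' | sort -u
}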
9
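# set_command name
# Record NAME as the single sub-command to run.
# Globals:   command (read, written)
# Arguments: $1 - sub-command name
# Exits with status 1, after an error message and the usage text, when a
# sub-command has already been recorded.
set_command() {
    # Quoted test: stays well-formed whatever $command currently holds,
    # so a second sub-command is always rejected rather than overwriting.
    if [ -n "$command" ]; then
        cmd_error "Only one command can be specified"
        usage
        exit 1
    fi
    command=$1
}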
18
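# interactive_prompt prompt princ
# Decide whether the action described by PROMPT should be applied to PRINC.
# Globals:   interactive (read), ans (written)
# Arguments: $1 - action description, $2 - principal name
# Outputs:   the question on stdout when in interactive mode
# Returns:   0 to act, 1 to skip
# When $interactive is 0 the answer is always "act". Otherwise the reply is
# read from stdin: a reply starting with n or N means skip, any other reply
# (including an empty line) means act, and no reply at all means skip.
interactive_prompt() {
    if [ "$interactive" = 0 ]; then
        return 0
    fi
    printf "%s for %s? [yn]" "$1" "$2"
    # These prompts guard key changes and deletions, so a read that fails
    # with nothing read (EOF, closed stdin) must not count as consent.
    # A final reply without a trailing newline is still honoured.
    if ! read -r ans && [ -z "$ans" ]; then
        return 1
    fi
    case "$ans" in
    n*|N*)
        return 1
        ;;
    esac
    return 0
}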
35
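# cmd_error message...
# Print the arguments, joined by single spaces, as one line on stderr.
# Arguments: $@ - words of the message
cmd_error() {
    # Diagnostics go to stderr (>&2) so they never mix into output that a
    # caller captures from stdout. printf with a fixed format also keeps a
    # message word such as -n from being taken as an echo option.
    printf '%s\n' "$*" >&2
}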
39
# usage
# Write the one-line command synopsis to stdout, prefixed with the name the
# script was invoked as ($0).
usage() {
    printf '%s\n' "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold"
}
43
44
45
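# change_key
# For every principal listed in the keytab, optionally ask for
# confirmation, then run kadmin authenticated as that principal from the
# keytab and issue `ktadd` against the same keytab.
# Globals:   keytab, keysalts (read); princs, princ (written)
# Calls:     list_princs, interactive_prompt, kadmin
change_key() {
    princs=$(list_princs)
    # Splitting $princs into words is intentional: one principal per word.
    # NOTE(review): the names come from the keytab file's contents and are
    # also pasted into the kadmin query text below, so a keytab from an
    # untrusted source should not be fed to this script.
    for princ in $princs; do
        if interactive_prompt "Change key " "$princ"; then
            # Shell arguments are quoted so the keytab path and principal
            # each reach kadmin as exactly one argument. $keysalts is
            # spliced into the query text as-is: it already holds the
            # `-e "..."` options built during option parsing.
            kadmin -k -t "$keytab" -p "$princ" -q \
                "ktadd -k $keytab $keysalts $princ"
        fi
    done
}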
55
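# delete_old_keys
# For every principal listed in the keytab, optionally ask for
# confirmation, then run kadmin authenticated as that principal and issue
# `ktrem ... old` against the same keytab.
# Globals:   keytab (read); princs, princ (written)
# Calls:     list_princs, interactive_prompt, kadmin
delete_old_keys() {
    princs=$(list_princs)
    # Splitting $princs into words is intentional: one principal per word.
    for princ in $princs; do
        if interactive_prompt "Delete old keys " "$princ"; then
            # Quoted so the keytab path and principal are single arguments;
            # without quotes a path with spaces would be split and kadmin
            # would be pointed at a different file than the one listed.
            kadmin -k -t "$keytab" -p "$princ" -q "ktrem -k $keytab $princ old"
        fi
    done
}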
64
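# delete_keys
# For every principal listed in the keytab, ask for confirmation, then run
# kadmin authenticated as that principal and issue `ktrem ... all` against
# the same keytab.
# Globals:   keytab (read); interactive, princs, princ (written)
# Calls:     list_princs, interactive_prompt, kadmin
delete_keys() {
    # Removing all keys is never done silently: interactive mode is forced
    # on here whether or not -i was given, and it stays on afterwards.
    interactive=1
    princs=$(list_princs)
    # Splitting $princs into words is intentional: one principal per word.
    for princ in $princs; do
        if interactive_prompt "Delete all keys " "$princ"; then
            # Quoted so the principal and keytab path are single arguments.
            kadmin -p "$princ" -k -t "$keytab" -q "ktrem -k $keytab $princ all"
        fi
    done
}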
74
75
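# Defaults; the options parsed below override them.
keytab=/etc/krb5.keytab
interactive=0
keysalts=""
# Start empty so a `command` variable inherited from the environment cannot
# be mistaken for a sub-command that was already given.
command=""

# Option parsing: -f FILE selects the keytab, -i turns prompting on,
# -e SPEC adds a key/salt spec, and a bare word selects the sub-command.
while [ $# -gt 0 ]; do
    opt=$1
    shift
    case "$opt" in
    -f)
        # Without this check a trailing -f would leave $keytab empty.
        if [ $# -eq 0 ]; then
            cmd_error "Option -f requires an argument"
            usage
            exit 1
        fi
        keytab=$1
        shift
        ;;
    -i)
        interactive=1
        ;;
    -e)
        if [ $# -eq 0 ]; then
            cmd_error "Option -e requires an argument"
            usage
            exit 1
        fi
        # Each spec is stored as a `-e "spec"` pair; the embedded double
        # quotes end up inside the kadmin query string built by change_key.
        # NOTE(review): the value is not validated, so a spec containing a
        # double quote would change how that query is parsed.
        keysalts="$keysalts -e \"$1\""
        shift
        ;;
    change|delold|delete|list)
        set_command "$opt"
        ;;
    *)
        # Quoted so an argument such as `*` is reported literally instead
        # of being expanded against the current directory.
        cmd_error "Illegal option: $opt"
        usage
        exit 1
        ;;
    esac
done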
105
106
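# Run the selected sub-command; with none selected, print the usage text.
case "$command" in
change)
    change_key
    ;;
delold)
    delete_old_keys
    ;;
delete)
    delete_keys
    ;;
list)
    # Quoted so the keytab path is passed to klist as a single argument.
    klist -k "$keytab"
    ;;
*)
    usage
    ;;
esac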
124