Script Kerberos Ktutil to make keytabs

庸人自扰 2021-02-03 10:50

I want to make a script that will generate a keytab using ktutil. When running the script I want to use [user]$ script.sh PASSWORD

#script.sh
echo \"addent -         


        
4 Answers
  • 2021-02-03 11:20

    enjoy

    from subprocess import run, PIPE

    userndomain, passwd, enctype = 'username@DOMAIN', 'secret', 'arcfour-hmac-md5'
    # Name the keytab file after the user part of the principal
    user = userndomain.split('@')[0]
    # Commands fed to ktutil on stdin; the line after add_entry answers its password prompt
    input_load = f"""add_entry -password -p {userndomain} -k 1 -e {enctype}
    {passwd}
    write_kt {user}.keytab
    quit
    """
    p = run(['ktutil'], stdout=PIPE, input=input_load, encoding='ascii')
    
    0 Discussion (0)
  • 2021-02-03 11:22

    To create the multiple orgs keytabs and default hbase, pipe, hdfs keytab at the same time you can run the below script, which I have just created:

    #!/bin/bash
    read -p "Please enter space-delimited list of ORGS to create: " NEW_ORGS
    
    clear
    #echo "#################  CREATE KEYTABS  ############################"
    #echo ""
    kdestroy
    
    for i in $NEW_ORGS
    do
         printf "%b" "addent -password -p ${i} -k 1 -e aes256-cts-hmac-sha1-96\n${i}\nwrite_kt ${i}.keytab" | ktutil
    
         printf "%b" "read_kt ${i}.keytab\nlist" | ktutil
    
    done
    echo ""
    
    
    if [ ! -e /home/eip/.keytabs/hbase.keytab ]
    then
            printf "%b" "addent -password -p hbase -k 1 -e aes256-cts-hmac-sha1-96\nhbase\nwrite_kt hbase.keytab" | ktutil
    
            printf "%b" "read_kt hbase.keytab\nlist" | ktutil
    fi
    
    exit 0
    
    0 Discussion (0)
  • 2021-02-03 11:41

    With GNU bash:

    user="PRINCIPAL"
    pass="topsecret"
    
    printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user.keytab" | ktutil
    
    printf "%b" "read_kt $user.keytab\nlist" | ktutil
    

    Output:

    slot KVNO Principal
    ---- ---- ---------------------------------------------------------------------
       1    1                          PRINCIPAL@YOURDOMAIN
    
    0 Discussion (0)
  • 2021-02-03 11:47

    A version in Python

    https://github.com/Tagar/stuff/blob/master/keytab.py

    Piping the password to ktutil in shell is not secure as the password will be visible in the list of processes.

    Since this Python script just interacts with ktutil using the pexpect library, it's possible to implement the same as a pure shell script using expect.

    Hope this helps.

    0 Discussion (0)
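Added example (not from any of the answers): a POSIX shell variant of the `printf | ktutil` approach that reads the password from stdin instead of `script.sh PASSWORD`, passes it with `%s` so backslashes in it are not expanded the way `%b` expands them, and rejects newlines that ktutil would read as extra commands. The function names `ktutil_script` and `make_keytab` are made up for this example, and MIT Kerberos `ktutil` on the PATH is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes MIT Kerberos ktutil on PATH.
# Function names (ktutil_script, make_keytab) are hypothetical.

# Print the ktutil command stream for one keytab entry.
# ktutil reads one command per line, so a newline inside any field would be
# executed as an extra command; such input is rejected.
ktutil_script() {
    ks_princ=$1 ks_pass=$2 ks_file=$3 ks_enc=${4:-aes256-cts-hmac-sha1-96}
    ks_nl='
'
    case "$ks_princ$ks_pass$ks_file$ks_enc" in
        *"$ks_nl"*) echo "ktutil_script: newline in input" >&2; return 1 ;;
    esac
    # These three are whitespace-separated arguments on a command line.
    for ks_f in "$ks_princ" "$ks_file" "$ks_enc"; do
        case $ks_f in
            ''|*' '*) echo "ktutil_script: empty or spaced field" >&2; return 1 ;;
        esac
    done
    [ -n "$ks_pass" ] || { echo "ktutil_script: empty password" >&2; return 1; }
    # %s copies the password byte for byte. With %b, as in the answers above,
    # backslash escapes such as \n or \t inside the password are expanded.
    printf 'addent -password -p %s -k 1 -e %s\n%s\nwrite_kt %s\nquit\n' \
        "$ks_princ" "$ks_enc" "$ks_pass" "$ks_file"
}

# Usage: make_keytab PRINCIPAL KEYTAB   (password is read from stdin, not argv)
make_keytab() {
    if [ -t 0 ]; then
        printf 'Password for %s: ' "$1" >&2
        stty -echo
        IFS= read -r mk_pass || { stty echo; return 1; }
        stty echo; echo >&2
    else
        IFS= read -r mk_pass || return 1
    fi
    # Validate before ktutil is started, so bad input never reaches it.
    mk_cmds=$(ktutil_script "$1" "$mk_pass" "$2") || return 1
    unset mk_pass
    # umask 077: the keytab holds long-term keys, keep it owner-only.
    ( umask 077; printf '%s\n' "$mk_cmds" | ktutil >/dev/null ) || return 1
    unset mk_cmds
    # Same check the answers use: read the file back and list its entries.
    printf 'read_kt %s\nlist\nquit\n' "$2" | ktutil
}
```

Source the file and run `make_keytab PRINCIPAL PRINCIPAL.keytab`; it prompts without echo on a terminal, or takes the password as the first line of redirected input.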