问题
I want to make a script that will generate the a keytab using ktutil. When running the script I want to use [user]$ script.sh PASSWORD
#script.sh
echo "addent -password -p PRINCIPAL -k 1 -e aes256-cts-hmac-sha1-96" | ktutil
Ktutil than needs a password, here I want to use the PASSWORD argument from above. How would I pass the password arguement?
回答1:
With GNU bash:
user="PRINCIPAL"
pass="topsecret"
printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user.keytab" | ktutil
printf "%b" "read_kt $user.keytab\nlist" | ktutil
Output:
slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 1 PRINCIPAL@YOURDOMAIN
回答2:
A version in Python
https://github.com/Tagar/stuff/blob/master/keytab.py
piping password to ktutil in shell is not secure as password will be visible in list of processes.
Since this Python scripts just interacts with ktutil using pexpect library, it's possible to implement the same as a pure shell script using expect.
Hope this helps.
回答3:
To create the multiple orgs keytabs and default hbase,pipe,hdfs keytab at the same time you can run the below script, which i have just created:
#!/bin/bash
read -p "Please enter space-delimited list of ORGS to create: " NEW_ORGS
clear
#echo "################# CREATE KEYTABS ############################"
#echo ""
kdestroy
for i in $NEW_ORGS
do
printf "%b" "addent -password -p ${i} -k 1 -e aes256-cts-hmac-sha1-96\n${i}\nwrite_kt ${i}.keytab" | ktutil
printf "%b" "read_kt ${i}.keytab\nlist" | ktutil
done
echo ""
if [ ! -e /home/eip/.keytabs/hbase.keytab ]
then
printf "%b" "addent -password -p hbase -k 1 -e aes256-cts-hmac-sha1-96\nhbase\nwrite_kt hbase.keytab" | ktutil
printf "%b" "read_kt hbase.keytab\nlist" | ktutil
fi
exit 0
来源:https://stackoverflow.com/questions/37454308/script-kerberos-ktutil-to-make-keytabs