On 21.04.2021 09:56, Dan Mahoney (Gushi) wrote:
> All,
>
> Dayjob has a puppet fact that, under freeBSD, uses "ktutil list" to get
> the kvno of a given host. This works great because the heimdal kerberos
> that's built into freeBSD is what we like to parse. It takes a -k
> argument to specify a keytab file.
>
> Linux is another story. Under ubuntu, the mit version of ktutil gets
> installed, and I can't figure out how to script it easily. There are no
> documented ways to pass an arg, or even to print the version. (We can
> glean it by looking at installed packages).
>
> Is there another command that is more script-friendly? If not, can
> someone share a good way to pass args to the MIT ktutil?
>
> -Dan
>
>
>
Hi Dan,
try to use *expect* tool, that is what I use...
Steps:
1: run once ktutil (under expect, which will save terminal actions)
2: call it in batch, like this (this is example of creating keytab, you
have to adopt script -- do no use it blindly):
---8<------
cat << EOEXPECT > /tmp/create-${TABLE}.keytab.exp
set force_conservative 0 ;# set to 1 to force conservative mode even if
script wasn't run conservatively originally
if {\$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- \$arg
}
}
set timeout -1
spawn \$env(SHELL)
match_max 100000
expect " "
send -- "ktutil"
expect -exact "ktutil"
send -- "\r"
expect -exact "ktutil: "
send -- "addent -password -p ${1} -k 1 -e aes256-cts-hmac-sha1-96"
expect -exact "addent -password -p ${1} -k 1 -e aes256-cts-hmac-sha1-96"
send -- "\r"
...
expect eof
EOEXPECT
# Create keytab
expect -f /tmp/create-${TABLE}.keytab.exp
---8<------
HTH
Best regards.
--
Predrag Zečević
Technical Support Analyst
2e Systems GmbH
tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag.zece...@2e-systems.com
headquarter: 2e Systems GmbH, Koenigsteiner Str. 107, 65812 Bad Soden am
Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
