# along with this program. If not, see <http://www.gnu.org/licenses/>.
name="ktpass.sh"
-TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
- -n "$name" -- "$@"`
+TEMP=$(getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+ -n "$name" -- "$@")
eval set -- "$TEMP"
-usage () {
- echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
- echo -ne " [--host hostname] [--enc <encryption>]\n"
- echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
- echo -ne "\nEncoding should be one of:\n"
- echo -ne " * des-cbc-crc\n"
- echo -ne " * des-cbc-md5\n"
- echo -ne " * rc4-hmac (default)\n"
- echo -ne " * aes128-cts\n"
- echo -ne " * aes256-cts\n"
- exit 0
+usage()
+{
+ echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+ echo -ne " [--host hostname] [--enc <encryption>]\n"
+ echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+ echo -ne "\nEncoding should be one of:\n"
+ echo -ne " * des-cbc-crc\n"
+ echo -ne " * des-cbc-md5\n"
+ echo -ne " * rc4-hmac (default)\n"
+ echo -ne " * aes128-cts\n"
+ echo -ne " * aes256-cts\n"
+ exit 0
}
-while true ; do
- case "$1" in
- --out) outfile=$2 ; shift 2 ;;
- --princ) princ=$2 ; shift 2 ;;
- --pass) pass=$2 ; shift 2 ;;
- --host) host=$2 ; shift 2 ;;
- --ptype) shift 2 ;;
- --enc) enc=$2; shift 2;;
- --path-to-ldbsearch) path="$2/"; shift 2;;
- -h) usage;;
- --) shift ; break ;;
- *) echo "Internal error!" ; exit 1 ;;
- esac
+while true; do
+ case "$1" in
+ --out)
+ outfile=$2
+ shift 2
+ ;;
+ --princ)
+ princ=$2
+ shift 2
+ ;;
+ --pass)
+ pass=$2
+ shift 2
+ ;;
+ --host)
+ host=$2
+ shift 2
+ ;;
+ --ptype) shift 2 ;;
+ --enc)
+ enc=$2
+ shift 2
+ ;;
+ --path-to-ldbsearch)
+ path="$2/"
+ shift 2
+ ;;
+ -h) usage ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo "Internal error!"
+ exit 1
+ ;;
+ esac
done
#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
if [ -z "$enc" ]; then
- enc="rc4-hmac"
+ enc="rc4-hmac"
fi
if [ -z "$path" ]; then
- path=`dirname $0`/../bin/
- if [ ! -f ${path}ldbsearch ]; then
- path=`dirname $0`/../../bin/
- fi
+ path=$(dirname $0)/../bin/
+ if [ ! -f ${path}ldbsearch ]; then
+ path=$(dirname $0)/../../bin/
+ fi
fi
if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
- echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
- usage
+ echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+ usage
fi
if [ -z $host ]; then
- host=`hostname`
+ host=$(hostname)
fi
-kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
+kvno=$(${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null | grep -i msds-keyversionnumber)
if [ x"$kvno" = x"" ]; then
- echo -ne "Unable to find kvno for principal $princ\n"
- echo -ne " check that you are authentified with kerberos\n"
- exit 1
+ echo -ne "Unable to find kvno for principal $princ\n"
+ echo -ne " check that you are authentified with kerberos\n"
+ exit 1
else
- kvno=`echo $kvno | sed 's/^.*: //'`
+ kvno=$(echo $kvno | sed 's/^.*: //')
fi
if [ "$pass" = "*" ]; then
- echo -n "Enter password for $princ: "
- stty -echo
- read pass
- stty echo
- echo ""
+ echo -n "Enter password for $princ: "
+ stty -echo
+ read pass
+ stty echo
+ echo ""
fi
ktutil >/dev/null <<EOF
EOF
if [ $? -eq 0 ]; then
- echo "Keytab file $outfile created with success"
+ echo "Keytab file $outfile created with success"
else
- echo "Error while creating the keytab file $outfile"
+ echo "Error while creating the keytab file $outfile"
fi
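Review bot: The rewritten command substitutions keep their expansions unquoted: `$(dirname $0)` and `${path}ldbsearch` in the path fallback, and `${path}ldbsearch -H ldap://$host` in the kvno lookup, so a script location or a `--path-to-ldbsearch`/`--host` value containing whitespace or glob characters is word-split before the command runs. Since these lines are being touched anyway, quote them: `path="$(dirname "$0")/../bin/"`, `if [ ! -f "${path}ldbsearch" ]; then`, and `"${path}ldbsearch" -H "ldap://$host"`. On the same kvno line, `$princ` is placed into the LDAP filter string without escaping, so a principal containing `(`, `)`, `*` or `\` changes the filter. Escaping those characters per RFC 4515, or rejecting them before the search, would keep the lookup to the intended entry. The unchanged test `[ -z $host ]` has the same quoting problem and should read `[ -z "$host" ]`.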