[3947] in Kerberos
Re: getting all those initial principals
daemon@ATHENA.MIT.EDU (Mike Muuss)
Wed Sep 28 13:56:27 1994
Date: Wed, 28 Sep 94 16:16:40 GMT
From: Mike Muuss <mike@arl.mil>
To: *Hobbit* <hobbit@elf.com>
Cc: kerberos@MIT.EDU
Hobbit asks -
> Maybe I'm missing something really basic here, but is there a list of the
> principals one needs to create just to get a kerberos environment started?
This isn't quite the answer to what he asked, but I thought I'd share
it anyway. This is how we establish each new KRB5 _server_ machine with
a minimum of fuss.
It also obliquely answers the question -- we add host/HOST and kftp/HOST
random keys for each server.
Best,
-Mike
addserver.sh follows:
#!/bin/sh
# Script to establish new host server, and get it a v5srvtab file.
if test "$1" = ""
then
    echo "Usage: addserver.sh hostname"
    echo
    echo "'hostname' can be any valid DNS name for the machine"
    echo
    echo "First step: On the server, run:"
    echo "    ttcp -r -p9000 > /etc/v5srvtab &"
    echo "    chmod 600 /etc/v5srvtab"
    exit 1
fi

### First step, get the formal name
SERVER=$1
# NOTE: a fixed, predictable name under /tmp; only run this on a KDC
# that no untrusted user can log in to.
TMPFILE=/tmp/addclient$$
# Forward lookup: keep only the "Address(es):" line(s) of the answer
# section (the first three lines of nslookup output describe the name
# server itself), one address per line.
nslookup ${SERVER} | sed -e '1,3d' | sed -n '/^Addr/s/.*: *//p' | \
    tr "," "\012" | tr -d " " > $TMPFILE
if test ! -s $TMPFILE
then
    echo "ERROR: Unable to find $SERVER address in DNS"
    exit 1
fi
# Use the first address only.
read tmp < $TMPFILE
set -- $tmp
SERVER_IP_ADDR="$1"
rm -f $TMPFILE
# Reverse the octets to build the in-addr.arpa name,
# e.g. 192.0.2.10 becomes 10.2.0.192.
REVERSE_SERVER_IP=
for i in `echo $SERVER_IP_ADDR|sed -e 's/\./ /g'`
do
    REVERSE_SERVER_IP="${i}.$REVERSE_SERVER_IP"
done
# There is a dot on the end of REVERSE_SERVER_IP already.
cat >$TMPFILE << EOF
set type=ptr
${REVERSE_SERVER_IP}in-addr.arpa
EOF
# The PTR record gives the canonical name that goes into the principals.
HOSTNAME=` nslookup < $TMPFILE | \
    sed -n '/name = /s/.*name = //p' `
rm -f $TMPFILE
# Without this check an empty PTR answer would register "host/" and "kftp/".
if test "$HOSTNAME" = ""
then
    echo "ERROR: No PTR record for $SERVER_IP_ADDR; cannot determine formal name"
    exit 1
fi
echo "Formal name is $HOSTNAME"

### Second step, register it.
HOST=$HOSTNAME
# Create random keys for the host and kftp service principals, then
# extract both into $HOST-new-srvtab.
./kdb5_edit >/dev/null << EOF
add_rnd_key host/$HOST
add_rnd_key kftp/$HOST
extract_srvtab $HOST host kftp
EOF
mv $HOST-new-srvtab v5srvtab
# This part should be replaced with a more secure method,
# at least using Enigma.
# (The srvtab crosses the network in the clear here.)
ttcp -p9000 -t $HOST < v5srvtab
rm -f v5srvtab
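Added example, not part of Mike Muuss's post or of the MIT Kerberos distribution: the reverse-lookup and kdb5_edit steps of addserver.sh as shell functions with a dry run, so the batch can be checked before it is fed to the KDC, and generalised from the post's two services (host, kftp) to any list. It assumes only the kdb5_edit command syntax shown in the post; the host name and address used for checking are constructed.

```shell
#!/bin/sh
# Added example (not from the post): validate the inputs of the
# addserver.sh procedure and emit the kdb5_edit batch without running it.
# Assumes the add_rnd_key / extract_srvtab syntax quoted in the post.

# 192.0.2.10 -> 10.2.0.192.in-addr.arpa ; fails unless exactly 4 octets.
ptr_name() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Accept only a fully qualified name: at least one dot, no leading or
# trailing dot, no empty label, only host name characters. The post's
# script would register "host/" if the PTR lookup came back empty.
check_fqdn() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit the kdb5_edit batch for HOST and any number of services
# (the post uses exactly "host" and "kftp"). Nothing is sent to the KDC.
kdb5_batch() {
    host=$1; shift
    check_fqdn "$host" || return 1
    [ $# -gt 0 ] || return 1
    for svc in "$@"; do
        printf 'add_rnd_key %s/%s\n' "$svc" "$host"
    done
    printf 'extract_srvtab %s %s\n' "$host" "$*"
}

# Dry run from the command line: addserver-check.sh --dry-run HOST [svc...]
if [ "${1:-}" = "--dry-run" ]; then
    shift
    h=$1; shift
    [ $# -gt 0 ] || set -- host kftp
    kdb5_batch "$h" "$@" || { echo "bad host name: $h" >&2; exit 1; }
fi
```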