2010-08-24 15:00:22 +00:00
|
|
|
#step 1, determine the realm and such
|
2010-05-23 00:29:44 +00:00
|
|
|
DNSDOMAIN=`dnsdomainname`
|
|
|
|
|
UPDNSDOMAIN=`echo $DNSDOMAIN|tr a-z A-Z`
|
|
|
|
|
LDAPBASEDN=dc=`echo $DNSDOMAIN|sed -e 's/\./,dc=/'`
|
|
|
|
|
HOSTPRINC=`hostname`
|
2010-08-24 15:00:22 +00:00
|
|
|
#generate a random 32 character password
|
|
|
|
|
MYPASS=$(tr -dc A-Za-z0-9 </dev/urandom|head -c 32)
|
2010-05-23 00:29:44 +00:00
|
|
|
|
2010-08-24 15:00:22 +00:00
|
|
|
if [ "$OSVER" = "rhels6" ]; then
|
|
|
|
|
#enable kerberos
|
|
|
|
|
authconfig --update --krb5realm=$UPDNSDOMAIN --enablekrb5kdcdns --enablekrb5
|
|
|
|
|
#change password
|
|
|
|
|
(echo $TEMPHOSTPASS;echo $MYPASS;echo $MYPASS)|kpasswd $HOSTPRINC
|
|
|
|
|
(echo $MYPASS)|kinit $HOSTPRINC
|
|
|
|
|
#KVNO=`kvno $HOSTPRINC|awk '{print $NF}'`
|
|
|
|
|
#(echo add_entry -password -p $HOSTPRINC -k $KVNO -e des;echo $MYPASS;echo wkt /etc/host.keytab)|ktutil
|
|
|
|
|
OLDUMASK=`umask`
|
|
|
|
|
umask 0077
|
|
|
|
|
echo $MYPASS > /etc/krb5.hostpass
|
|
|
|
|
umask $OLDUMASK
|
2010-05-23 00:29:44 +00:00
|
|
|
#ok, time for ldap
|
2010-08-24 15:00:22 +00:00
|
|
|
LDAPSRV=`host -t SRV _ldap._tcp.$DNSDOMAIN|awk '{print $NF}'`
|
|
|
|
|
#sed -ie 's/#uri ldap:\/\/127.0.0.1/uri ldap:\/\/$LDAPSRV\//' /etc/nslcd.conf
|
|
|
|
|
#sed -ie 's/# base dc.*/base $LDAPBASEDN/' /etc/nslcd.conf
|
|
|
|
|
echo use_sasl on >> /etc/nslcd.conf
|
|
|
|
|
echo sasl_mech GSSAPI >> /etc/nslcd.conf
|
|
|
|
|
echo sasl_secprops maxssf=0 >> /etc/nslcd.conf
|
|
|
|
|
echo krb5_ccname /var/run/ldap_krb5cc >> /etc/nslcd.conf
|
|
|
|
|
authconfig --update --enableldap --ldapserver=$LDAPSRV --ldapbasedn=$LDAPBASEDN
|
|
|
|
|
echo 'kinit -c /var/run/ldap_krb5cc < /etc/krb5.hostpass' >> /etc/rc.local
|
|
|
|
|
echo 'kinit -c /var/run/ldap_krb5cc < /etc/krb5.hostpass' >> /etc/cron.hourly/nslcdkrb.cron
|
|
|
|
|
chmod +x /etc/cron.hourly/nslcdkrb.cron
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
