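#!/bin/sh
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
#
#
#pragma ident "%Z%%M% %I% %E% SMI"

# Maintenance helper for the keys stored in a Kerberos keytab.
#
# Usage: $0 [-i] [-f file] list|change|delete|delold
#   -i        ask for confirmation before acting on each principal
#   -f file   operate on this keytab instead of /etc/krb5/krb5.keytab
#   list      print the keytab entries (klist -k)
#   change    add a new key for every principal in the keytab (kadmin ktadd)
#   delold    remove the old keys of every principal (kadmin ktrem ... old)
#   delete    remove all keys of every principal; always asks first
#
# The kadmin calls authenticate as the principal being changed, using the
# key already present in the keytab (-k -t keytab -p principal).

TEXTDOMAIN=SUNW_OST_OSCMD
export TEXTDOMAIN

# Principal names are read from the keytab and word-split in for-loops below.
# Pathname expansion is switched off so a name containing glob characters is
# never expanded against the current directory.
set -f

# list_princs
# Prints the principals found in $keytab (global), one per line, sorted and
# with duplicates removed.  The principal is taken from the second column of
# `klist -k` output, starting at its fourth line.
# NOTE(review): `tail +4` is the historical spelling of `tail -n +4`; it is
# kept because the tail implementation this runs under is not visible here.
list_princs() {
  klist -k "$keytab" | tail +4 | awk '{print $2}' | sort -u
}

# set_command name
# Records the requested command in $command.  A second command on the same
# command line is an error: print usage and exit 1.
set_command() {
  if [ -n "$command" ]; then
    cmd_error "$(gettext "Only one command can be specified")"
    usage
    exit 1
  fi
  command=$1
}

# interactive_prompt prompt princ
# If in interactive mode return true if the principal should be acted on
# otherwise return true all the time
#
# SUNW14resync: If in interactive mode the default is now to return false
#               i.e. if in interactive mode unless the user types "Yes" or
#               "yes" false will be returned.
#
interactive_prompt() {
  if [ "$interactive" = 0 ]; then
    return 0
  fi
  PROMPT=$(gettext "%s for %s? [yes no] ")
  Y1=$(gettext "yes")
  Y2=$(gettext "Yes")
  # The format string comes from the message catalog; the action and the
  # principal are passed as data arguments, never as part of the format.
  printf "$PROMPT" "$1" "$2"
  read -r ans
  # An empty answer (plain Enter, EOF) must never confirm.  Without this
  # guard an empty $Y1/$Y2 (gettext unavailable) would match an empty reply.
  if [ -z "$ans" ]; then
    return 1
  fi
  case $ans in
    "$Y1" | "$Y2") return 0 ;;
  esac
  return 1
}

# cmd_error message...
# Prints the message on standard error.
cmd_error() {
  printf '%s\n' "$*" >&2
}

# usage
# Prints the usage line on standard output.
usage() {
  USAGE=$(gettext "Usage: $0 [-i] [-f file] list|change|delete|delold")
  printf '%s\n' "$USAGE"
}

# query_safe word
# True when the word can be placed inside a kadmin -q query string as a
# single token: non-empty, no whitespace, no quote characters, no backslash.
# The query is a flat string that kadmin tokenizes again, so such characters
# in a keytab path or principal name would change the query that is run.
query_safe() {
  case $1 in
    '' | *[[:space:]]* | *\"* | *\'* | *\\*) return 1 ;;
  esac
  return 0
}

# keytab_ok
# Exits 1 with a message when $keytab cannot be embedded in a kadmin query.
keytab_ok() {
  if query_safe "$keytab"; then
    return 0
  fi
  cmd_error "$(gettext "Keytab path cannot be used in a kadmin query: ")$keytab"
  exit 1
}

# princ_ok action princ
# True when princ may be acted on: its name is safe to embed in a kadmin
# query and, in interactive mode, the user confirmed the action.
princ_ok() {
  if query_safe "$2"; then
    interactive_prompt "$1" "$2"
    return $?
  fi
  cmd_error "$(gettext "Skipping principal that cannot be used in a kadmin query: ")$2"
  return 1
}

# change_key
# Adds a new key for every principal in $keytab.
change_key() {
  keytab_ok
  princs=$(list_princs)
  ACTION=$(gettext "Change key")
  # Word splitting is intended here: one principal per word.
  for princ in $princs; do
    if princ_ok "$ACTION" "$princ"; then
      kadmin -k -t "$keytab" -p "$princ" -q "ktadd -k $keytab $princ"
    fi
  done
}

# delete_old_keys
# Removes the old keys of every principal in $keytab.
delete_old_keys() {
  keytab_ok
  princs=$(list_princs)
  ACTION=$(gettext "Delete old keys")
  for princ in $princs; do
    if princ_ok "$ACTION" "$princ"; then
      kadmin -k -t "$keytab" -p "$princ" -q "ktrem -k $keytab $princ old"
    fi
  done
}

# delete_keys
# Removes all keys of every principal in $keytab.
delete_keys() {
  # Removing every key is never done unprompted: interactive mode is forced
  # here whether or not -i was given.
  interactive=1
  keytab_ok
  princs=$(list_princs)
  ACTION=$(gettext "Delete all keys")
  for princ in $princs; do
    if princ_ok "$ACTION" "$princ"; then
      kadmin -p "$princ" -k -t "$keytab" -q "ktrem -k $keytab $princ all"
    fi
  done
}

keytab=/etc/krb5/krb5.keytab
interactive=0
# Start from an empty command so a variable of the same name inherited from
# the environment cannot select an action or trip the "only one command" check.
command=

CHANGE=$(gettext "change")
DELOLD=$(gettext "delold")
DELETE=$(gettext "delete")
LIST=$(gettext "list")

while [ $# -gt 0 ]; do
  opt=$1
  shift
  case $opt in
    -f)
      # -f as the last word has no file name to consume.
      if [ $# -eq 0 ]; then
        cmd_error "$(gettext "Option -f requires a file name")"
        usage
        exit 1
      fi
      keytab=$1
      shift
      ;;
    -i)
      interactive=1
      ;;
    "$CHANGE" | "$DELOLD" | "$DELETE" | "$LIST")
      set_command "$opt"
      ;;
    *)
      ILLEGAL=$(gettext "Illegal option: ")
      cmd_error "${ILLEGAL}${opt}"
      usage
      exit 1
      ;;
  esac
done

case $command in
  # No command given: never fall through to an action, even if a command
  # word above came back empty from gettext.
  '') usage ;;
  "$CHANGE") change_key ;;
  "$DELOLD") delete_old_keys ;;
  "$DELETE") delete_keys ;;
  "$LIST") klist -k "$keytab" ;;
  *) usage ;;
esac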