X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-krb-reset;fp=ud-krb-reset;h=d7e2efff4a4d6c74aadf047cb2e577c859b7ac76;hp=0000000000000000000000000000000000000000;hb=200c280e08a33e415aae8c7f0da289284d2c4504;hpb=00612ecbc10cd19f9b3d67b9fd45694f7940275b
diff --git a/ud-krb-reset b/ud-krb-reset
new file mode 100755
index 0000000..d7e2eff
--- /dev/null
+++ b/ud-krb-reset
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+
+# Copyright (c) 2010 Peter Palfrader
+
+# Resets the password for a kerberos principal given on the command line.
+# If the principal does not exist, try to create them.
+
+use strict;
+use Heimdal::Kadm5;
+use Getopt::Long;
+use English;
+use String::Random;
+
+my $USAGE = "Usage: $PROGRAM_NAME [--admin=] [--keytab=] \n";
+
+sub getname() {
+ my $username = getpwuid($UID);
+ die "Cannot get current username\n" unless defined $username;
+ return $username;
+};
+
+my $params;
+Getopt::Long::config('bundling');
+GetOptions (
+ '--help' => \$params->{'help'},
+ '--admin=s' => \$params->{'admin'},
+ '--keytab=s' => \$params->{'keytab'},
+) or die ($USAGE);
+
+if ($params->{'help'}) {
+ print $USAGE;
+ exit (0);
+};
+
+die $USAGE if (scalar @ARGV != 1);
+my $name = shift @ARGV;
+
+unless (defined $params->{'admin'}) {
+ $params->{'admin'} = getname().'/admin';
+};
+unless (defined $params->{'keytab'}) {
+ $params->{'keytab'} = '/etc/userdir-ldap/keytab.'.getname();
+};
+
+my $client = Heimdal::Kadm5::Client->new(
+ Principal => $params->{'admin'},
+ Keytab => $params->{'keytab'}
+ );
+die "Unable to get Heimdal Client object.\n" unless defined $client;
+
+
+my $password = '844u6MrG0gTS';
+
+my $rnd = new String::Random;
+my $password = $rnd->randregex('[a-zA-Z0-9]{16}');
+
+my $principal = $client->getPrincipal($name);
+unless (defined $principal) {
+ print "Principal appears to not exist. Trying to add.\n";
+ $principal = $client->makePrincipal($name);
+ my $ret = $client->createPrincipal($principal, $password, undef);
+ die "Failed to create principal $name.\n" unless ($ret);
+ print "Created principal $name with password '$password'.\n";
+} else {
+ my $ret = $client->changePassword($name, $password);
+ die "Failed to change password for $name.\n" unless ($ret);
+ print "Changed password of principal $name to '$password'.\n";
+};
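Review bot: The line `my $password = '844u6MrG0gTS';` just before the `String::Random` call commits a literal password to the repository; the second `my $password` shadows it at once, so it is dead code, but it should be deleted and, if that value was ever set on a principal, that principal's password changed. The value actually used comes from `String::Random`, which by default draws from Perl's built-in `rand()` rather than a cryptographic generator, so a Kerberos password is better taken from the kernel CSPRNG as sketched below. The script enables `use strict` without `use warnings`, which would have reported the duplicate `my` declaration. Both success messages print the new password to stdout, so callers should make sure that output is not captured in logs or left in terminal scrollback.

```perl
# … unchanged: option parsing and Heimdal::Kadm5::Client setup …

# Draw the password from the kernel CSPRNG instead of Perl's rand().
my @alphabet = ('a'..'z', 'A'..'Z', '0'..'9');
open(my $urandom, '<:raw', '/dev/urandom')
    or die "Cannot open /dev/urandom: $!\n";
my $password = '';
while (length($password) < 16) {
    read($urandom, my $byte, 1) == 1
        or die "Short read from /dev/urandom\n";
    my $n = ord($byte);
    next if $n >= 248;    # 248 = 4 * 62; reject the tail to avoid modulo bias
    $password .= $alphabet[$n % @alphabet];
}
close($urandom);

# … unchanged: getPrincipal / createPrincipal / changePassword …
```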