[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Mon Dec 20 21:37:58 GMT 2021 


Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config


Commits:
57d70cb1 by Mike Gabriel at 2021-12-20T22:37:35+01:00
share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service principals if they don't yet exist. (Closes: #1002014).

- - - - -


2 changed files:

- debian/changelog
- share/debian-edu-config/tools/gosa-modify-host


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,10 @@
+debian-edu-config (2.12.15) UNRELEASED; urgency=medium
+
+  * share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
+    principals if they don't yet exist. (Closes: #1002014).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Mon, 20 Dec 2021 22:35:39 +0100
+
 debian-edu-config (2.12.14) unstable; urgency=medium
 
   [ Wolfgang Schweer ]


=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -7,11 +7,19 @@ set -ex
 
 HOST="$1"
 
-kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
-kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
-logger -t gosa-modify-host -p notice Krb5 principals and keytab file for host \'$HOST\' created.
+# This is only for kerberizing host entries in LDAP stemming from earlier installations
+# of Debian Edu... Normally, host and service principals should have been created
+# by the gosa-host-create hook script.
+if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null  | grep -q "^Principal: host/$HOST.intern at .*"; then
+	kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
+	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+	logger -t gosa-modify-host -p notice Krb5 host principal \'host/$HOST.intern\' created and added to host-specific keytab file.
+fi
+if ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null  | grep -q "^Principal: nfs/$HOST.intern at .*"; then
+	kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
+	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+	logger -t gosa-modify-host -p notice Krb5 service principal \'nfs/$HOST.intern\' created and added to host-specific keytab file.
+fi
 
 # update services:
 /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/57d70cb10a902a004ed39da902b6808c36ce1851

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/57d70cb10a902a004ed39da902b6808c36ce1851
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20211220/443268af/attachment-0001.htm>

More information about the debian-edu-commits mailing list