Mageia Bugzilla – Attachment 4057 Details for
Bug 10090
krb5 - UDP ping-pong flaw in kpasswd (CVE-2002-2443)
krb5_server_setup.sh modified to also fix changed location of kadm5.keytab
krb5_server_setup.sh (text/plain), 2.95 KB, created by
Dave Hodgins
on 2013-05-27 02:33:43 CEST
Description:
krb5_server_setup.sh modified to also fix changed location of kadm5.keytab
Creator:
Dave Hodgins
Created:
2013-05-27 02:33:43 CEST
Size:
2.95 KB
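#!/bin/bash
#
# krb5_server_setup.sh - set up an MIT Kerberos KDC and kadmin server on the
# local host.
#
# Usage: krb5_server_setup.sh [user]
#   user - name that receives "<user>" and "<user>/admin" principals
#          (defaults to root).
#
# What it does, in order:
#   1. checks that forward and reverse DNS for the local hostname agree,
#   2. installs any missing krb5 packages with urpmi,
#   3. replaces the EXAMPLE.COM placeholders in kdc.conf, /etc/krb5.conf and
#      kadm5.acl with a realm derived from the upper-cased hostname,
#   4. creates the KDC database if it does not exist,
#   5. creates the admin, user and host principals and the keytabs,
#   6. starts and enables the krb5kdc and kadmin services.
#
# The script edits files under /etc, installs packages and calls
# kadmin.local, so it is expected to run as root.

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the value assigned to key $1 in config file $2 (empty if absent).
# All whitespace is stripped from the line before matching, and the last
# matching line wins. The file content is only ever treated as data: the
# earlier version of this script ran the matching line through eval, which
# would execute anything placed after the key in kdc.conf.
conf_value() {
  awk -v key="$1" '
    {
      line = $0
      gsub(/[[:space:]]/, "", line)
      if (index(line, key "=") == 1) {
        value = substr(line, length(key) + 2)
        found = 1
      }
    }
    END { if (found) print value }
  ' "$2"
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root"

user="${1:-root}" # If no user specified, default to root.

hostname=$(hostname)

# $hostname and $user are pasted into sed replacement text and into
# kadmin.local query strings further down, so restrict both to characters
# that cannot change the meaning of either ('/', '&', quotes, whitespace).
case "$hostname" in
  '' | -* | *[!A-Za-z0-9.-]*) die "Unsupported characters in hostname '$hostname'" ;;
esac
case "$user" in
  '' | -* | *[!A-Za-z0-9._-]*) die "Unsupported characters in user name '$user'" ;;
esac

# Consistency check only: the answers come from whatever resolver this host
# is configured to use. If several addresses are returned, the text after
# the last "address " is the one that gets checked.
printf '%s\n' "Checking dns setup for $hostname"
ipaddrstring=$(host "$hostname")
ipaddr="${ipaddrstring##*address }" # strip string 'address ' and everything before it
#printf '%s\n' "host $hostname returns ip address $ipaddr"

hostnamebyipaddrstring=$(host "$ipaddr")
hostnamebyipaddr="${hostnamebyipaddrstring##*pointer }"
hostnamebyipaddr="${hostnamebyipaddr%[\.]*}" # strip last period and anything following it.
#printf '%s\n' "reverse dns for $ipaddr points to $hostnamebyipaddr"

if [[ "$hostnamebyipaddr" == "$hostname" ]]; then
  printf '%s\n' "Good. Forward and reverse dns settings for $hostname match"
else
  printf '%s\n' "Forward and reverse dns settings for $hostname DO NOT MATCH!"
  exit 1
fi

realm=$(printf '%s\n' "$hostname" | tr 'a-z' 'A-Z')
printf '%s\n' "The realm name will be set to $realm"

# Collect missing packages in an array so each name stays a separate word.
install_list=()
[ -e /usr/sbin/krb5kdc ] || install_list+=(krb5-server)
[ -e /usr/sbin/login.krb5 ] || install_list+=(krb5-appl-servers)
[ -e /usr/bin/kinit ] || install_list+=(krb5-workstation)
[ -e /usr/bin/krlogin ] || install_list+=(krb5-appl-clients)

if [ "${#install_list[@]}" -gt 0 ]; then
  urpmi "${install_list[@]}"
fi

# Ask rpm where the package put its config files; take the first match.
kdcconflocation=$(rpm -q -l krb5-server | grep -m 1 '/kdc\.conf$')
kadm5acllocation=$(rpm -q -l krb5-server | grep -m 1 '/kadm5\.acl$')

# With an empty path the grep/sed calls below would read stdin and hang,
# so stop here if krb5-server is missing or does not ship the files.
[ -n "$kdcconflocation" ] || die "Cannot find kdc.conf in package krb5-server"
[ -n "$kadm5acllocation" ] || die "Cannot find kadm5.acl in package krb5-server"

# Each edit runs only while the placeholder is still present, so a re-run
# does not overwrite the ".original" backup written by the first run.
if grep -q 'EXAMPLE\.COM' "$kdcconflocation"; then
  printf '%s\n' "Setting realm name in $kdcconflocation"
  sed -i.original "s/EXAMPLE\.COM/$realm/" "$kdcconflocation"
fi

if grep -q 'EXAMPLE\.COM' /etc/krb5.conf; then
  printf '%s\n' "Setting realm and host names in /etc/krb5.conf"
  sed -i.original \
    -e "s/EXAMPLE\.COM/$realm/" \
    -e "s/kerberos\.example\.com/$hostname/" \
    -e "s/example\.com/$hostname/" \
    /etc/krb5.conf
fi

if grep -q 'EXAMPLE\.COM' "$kadm5acllocation"; then
  printf '%s\n' "Setting realm name in $kadm5acllocation"
  sed -i.original "s/EXAMPLE\.COM/$realm/" "$kadm5acllocation"
fi

# Defaults, overridden by kdc.conf when it sets the key.
database_name=/var/lib/krb5kdc/principal
configured=$(conf_value database_name "$kdcconflocation")
if [ -n "$configured" ]; then
  database_name=$configured
fi

admin_keytab=/etc/kerberos/krb5kdc/kadm5.keytab
configured=$(conf_value admin_keytab "$kdcconflocation")
if [ -n "$configured" ]; then
  admin_keytab=$configured
fi

if [ ! -e "$database_name" ]; then
  printf '%s\n' "Creating database in $database_name"
  # -s writes a stash file holding the database master key so the KDC can
  # start unattended; that file must stay readable by root only.
  kdb5_util create -r "$realm" -s
fi

# addprinc without -randkey prompts for the password on the terminal, so no
# password appears on a command line or in this script.
#
# The admin principal is created in $realm. The earlier version used
# "@$hostname" (the lower-case host name) here, which names a different
# realm from the one configured above.
kadmin.local -q "addprinc admin/admin@$realm"
kadmin.local -p admin/admin -q "addprinc $user/admin@$realm"
# The keytabs written by ktadd contain long-term keys; check that they are
# owned by root and not readable by other users.
kadmin.local -p admin/admin -q "ktadd -k $admin_keytab kadmin/admin kadmin/changepw"
kadmin.local -p admin/admin -q "addprinc -randkey host/$hostname"
kadmin.local -p admin/admin -q "ktadd -norandkey host/$hostname"
kadmin.local -p admin/admin -q "addprinc $user"

service krb5kdc start && service kadmin start && printf '%s\n' "kerberos server setup complete"
chkconfig krb5kdc on
chkconfig kadmin on
printf '%s\n' "Copy /etc/krb5.conf to any client stations, and install krb5-appl-clients on them"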