package: debian-edu-config
version: r74282
severity: wishlist
tags: patch

In order to use NFSv4+Krb5, each machine in the Skolelinux network needs a Kerberos principal

host/<fqdn>

The script below shows how to add such functionality. Note: the script below stems from a different context, so some adaptations will be needed for running on the Debian Edu main server.

Steps for incorporation:
o place script at d-e-c/share/debian-edu-config/tools/gosa-host-create
o enable sudo execution for this script by www-data user in GOsa²
Here is the script:
#!/bin/sh
set -e

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##
## This script creates the principals for hosts added with FusionDirectory.

set -x

HOSTNAME="$1"
DOMAIN=intern
FQDN="$1.$DOMAIN"

## Look up the host in LDAP and create its Kerberos principal.
## The perl filter joins folded LDIF continuation lines. Each LDAP entry
## ends with an empty line, which triggers the principal creation below.
ldapsearch -xLLL "(&(|(cn=$HOSTNAME)(cn=$FQDN))(objectClass=GOHard))" \
    cn ipHostNumber macAddress 2>/dev/null | \
perl -p00e 's/\r?\n //g' | \
while read -r KEY VALUE ; do
    case "$KEY" in
        ## A new entry starts: reset the per-host values.
        dn:) HOSTNAME= ; IP= ; MAC= ; HOSTDN="dn=$VALUE" ;;
        cn:) HOSTNAME="$VALUE" ;;
        ipHostNumber:) IP="$VALUE" ;;
        macAddress:) MAC="$VALUE" ;;
        "")
            FQDN="$HOSTNAME.$DOMAIN"
            ## -x dn=... attaches the principal to the host's LDAP entry.
            kadmin.local -q "add_principal -policy hosts -randkey -x $HOSTDN host/$FQDN" \
                && logger -p notice "Krb5 principal 'host/$FQDN' created."
            ;;
    esac
done

exit 0

--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
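
The script's header asks that running it through sudo as www-data cannot do harm, yet `$1` reaches the LDAP filter unchecked. The following is an added example (not part of the original report or of debian-edu-config) of checking that argument before any filter is built; the function names are hypothetical and the lowercase-only rule is an assumption.

```shell
#!/bin/sh
# Added example: argument checks for a script that www-data may run as
# root through sudo. DOMAIN matches the script above; the function names
# are hypothetical.

LC_ALL=C; export LC_ALL   # make the a-z range mean ASCII only
DOMAIN=intern

# Accept a single DNS label: 1-63 characters of [a-z0-9-] with no leading
# or trailing hyphen. LDAP filter metacharacters ( ) * \ and whitespace
# are rejected. Lowercase only (assumption), because Kerberos principal
# names are case-sensitive.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# The cn read back from LDAP may be a bare label or label.$DOMAIN;
# validate it again before it is placed in a kadmin query.
valid_host() {
    valid_label "${1%.$DOMAIN}"
}

# Print the search filter for a validated name; print nothing and
# return 1 for anything else.
host_filter() {
    valid_label "$1" || return 1
    printf '(&(|(cn=%s)(cn=%s.%s))(objectClass=GOHard))' \
        "$1" "$1" "$DOMAIN"
}

# Constructed sample arguments: the second one tries to widen the filter.
for arg in ltsp01 'x)(objectClass=*'; do
    if host_filter "$arg"; then
        echo
    else
        echo "rejected: $arg" >&2
    fi
done
```

In the script above, `valid_label "$1"` would run before `ldapsearch`, and `valid_host "$HOSTNAME"` inside the empty-line case before `kadmin.local`.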