package: debian-edu-config
version: r74282
severity: wishlist
tags: patch

In order to use NFSv4+Krb5 each machine in the Skolelinux network needs a Kerberos principal

  host/<fqdn>

The script below shows how to add such functionality. Note: the script below stems from a different context, so some adaptations will be needed for running on the Debian Edu main server.

Steps for incorporation:

  o place script at d-e-c/share/debian-edu-config/tools/gosa-host-create
  o enable sudo execution for this script by www-data user in GOsa²

Here is the script:

#!/bin/sh

set -e

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##
## This script creates the principals for hosts added with FusionDirectory.

set -x

HOSTNAME="$1"
DOMAIN=intern
FQDN="$1.$DOMAIN"

## lookup user and create home directory and principal:
## (perl joins folded LDIF continuation lines; each entry ends with an
## empty line, which triggers the principal creation in the "" case)
ldapsearch -xLLL "(&(|(cn=$HOSTNAME)(cn=$FQDN))(objectClass=GOHard))" \
           cn ipHostNumber macAddress 2>/dev/null | \
    perl -p00e 's/\r?\n //g' | \
    while read -r KEY VALUE ; do
        case "$KEY" in
            dn:) HOSTNAME= ; IP= ; HOSTDN="dn=$VALUE" ;;
            cn:) HOSTNAME="$VALUE" ;;
            ipHostNumber:) IP="$VALUE" ;;
            macAddress:) MAC="$VALUE" ;;
            "")
                FQDN=$HOSTNAME.$DOMAIN
                ## -x passes the LDAP DN of the host entry to the KDC database backend
                kadmin.local -q "add_principal -policy hosts -randkey -x $HOSTDN host/$FQDN" \
                    && logger -p notice \
                       Krb5 principal \'host/$FQDN\' created.
                ;;
        esac
    done

exit 0

-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
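
Added example, not part of the original report or of debian-edu-config: the script is run through sudo on behalf of www-data and places $1 directly into the LDAP filter and the kadmin.local query, so one way to constrain that argument before use is sketched here. The function names is_valid_label and build_host_filter are hypothetical; the filter string is the one used in the script above, and it is assumed that $1 is a short host name without the domain part.

```shell
#!/bin/sh
# Added example: validate the host name argument before it reaches
# ldapsearch or kadmin.local. Function names are hypothetical.

LC_ALL=C    # keep the A-Z / a-z ranges below byte-wise

# is_valid_label NAME
# Succeeds only for a single host label: letters, digits and hyphens,
# 1 to 63 characters, no leading or trailing hyphen. This excludes LDAP
# filter metacharacters ( ) * \ | &, whitespace, quotes, dots, and
# anything that would look like an option (-q, -x, ...).
is_valid_label() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 63 ] || return 1
    case "$name" in
        *[!A-Za-z0-9-]*) return 1 ;;
        -*|*-)           return 1 ;;
    esac
    return 0
}

# build_host_filter NAME DOMAIN
# Prints the LDAP filter from the script for a validated NAME and
# returns non-zero without output otherwise.
build_host_filter() {
    is_valid_label "$1" || return 1
    printf '(&(|(cn=%s)(cn=%s.%s))(objectClass=GOHard))\n' "$1" "$1" "$2"
}

# Intended use near the top of the script (kept as a comment here):
#   FILTER=$(build_host_filter "$1" "$DOMAIN") || {
#       logger -p warning "gosa-host-create: rejected host name argument"
#       exit 1
#   }
#   ldapsearch -xLLL "$FILTER" cn ipHostNumber macAddress
```

Because the cn values read back from LDAP are also interpolated into the kadmin.local query, the same check can be applied to HOSTNAME inside the loop before the principal is created.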