All,
Dayjob has a Puppet fact that, under FreeBSD, uses "ktutil list" to get the kvno of a given host. This works great because the Heimdal Kerberos that's built into FreeBSD is what we like to parse. It takes a -k argument to specify a keytab file.
Linux is another story. Under Ubuntu, the MIT version of ktutil gets installed, and I can't figure out how to script it easily. There are no documented ways to pass an arg, or even to print the version. (We can glean it by looking at installed packages.)
Is there another command that is more script-friendly? If not, can someone share a good way to pass args to the MIT ktutil?
-Dan
<> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Unix Platform Services
<> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Is there another command that is more script-friendly? If not,
can someone share a good way to pass args to the MIT ktutil?
I think "klist -k" does what you want. You can pass arguments to
ktutil in a script via stdin and parse the output (we do that via a
script), that looks something like:
    (echo "rkt $keytab" ; echo "list") | ktutil | [parse output]
The script this is from is so old, it predates the widespread use of
the 'printf' command; that would probably be cleaner now.
But still. Not being able to get machine-readable output out of klist
turns what should be simple and useful scripting tasks, such as "scan
the 9 different TGTs in my credential cache collection and renew any
that expire in less than 12 hours", into "whee, I guess I'm writing a finite-state automaton in shell again".
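The stdin approach from the reply above, written with printf and a concrete parsing step, as an added example that is not code from any poster in this thread. The function names are hypothetical, the sample output is constructed, and the parser assumes MIT's "slot KVNO Principal" column layout for "list".

```shell
#!/bin/sh
# Added example: drive MIT ktutil over stdin and pull one principal's KVNO.

# Feed "rkt <keytab>" and "list" (the commands from the reply) to ktutil.
# The path is pasted into ktutil's command stream, so refuse whitespace or
# newlines that would split it into extra arguments or extra commands.
ktutil_list() {
    case "$1" in
        ''|*[[:space:]]*) echo "ktutil_list: unsafe keytab path" >&2; return 2 ;;
    esac
    printf 'rkt %s\nlist\n' "$1" | ktutil
}

# Read "ktutil list" output on stdin and print the highest KVNO stored for
# the exact principal $1; exit 1 when the keytab has no entry for it.
keytab_kvno() {
    PRINC="$1" awk '
        # Data rows are "<slot> <kvno> <principal>". Prompts, the header and
        # the dashed rule fail the numeric tests and are skipped.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 == ENVIRON["PRINC"] {
            if (!found || $2 + 0 > max) max = $2 + 0
            found = 1
        }
        END { if (!found) exit 1; print max }
    '
}

# Constructed sample of MIT "ktutil list" output (not taken from a real host).
# Old keys stay in a keytab after a rekey, so one principal can have several KVNOs.
sample_ktutil_output() {
    cat <<'EOF'
ktutil:  ktutil:  slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 host/web01.example.com@EXAMPLE.COM
   2    3 host/web01.example.com@EXAMPLE.COM
   3    4 host/web01.example.com@EXAMPLE.COM
   4    7 nfs/web01.example.com@EXAMPLE.COM
EOF
}

# Demo on the sample; on a real host the input would come from
#   ktutil_list /etc/krb5.keytab | keytab_kvno "host/<fqdn>@<REALM>"
sample_ktutil_output | keytab_kvno host/web01.example.com@EXAMPLE.COM
```

The principal is compared as an exact string rather than a regular expression, so the dots in a hostname cannot match a different principal.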