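#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Builds a throwaway Kerberos realm (EXAMPLE.COM) in the current directory:
# writes krb5.conf and krb5kdc/kdc.conf, creates the KDC database, starts
# krb5kdc on 127.0.0.1:50000, creates the DNS/host/machine principals,
# exports their keytabs, obtains credential caches for the two machine
# principals and copies keytabs and caches into ../ns7 .. ../ns10.
#
# The master password below is a fixed value and the keytabs/ccaches are
# long-lived credential material: everything produced here is fixture data
# for EXAMPLE.COM and must not be reused for a real realm.
#
# No step is checked for failure; a failing command does not stop the script.

# Trace every command to stderr.
set -x

PWD=$(pwd)

KRB5_CONFIG="${PWD}/krb5.conf"
export KRB5_CONFIG

KRB5_KDC_PROFILE="${PWD}/krb5kdc"
export KRB5_KDC_PROFILE

# Days left until 2147483647 (2^31-1) seconds since the epoch, minus a
# 30-day margin; used as ticket/principal lifetime so the fixtures stay
# valid for as long as a 32-bit timestamp allows.
now=$(date +%s)
lifetime=$((2147483647 - now))
lifetime=$((lifetime / 3600 / 24 - 30))

# Client/library configuration. KDC and kadmind are pinned to loopback and
# DNS-based KDC discovery is off, so nothing outside this host is contacted.
cat <<EOF >"${KRB5_CONFIG}"
[libdefaults]
   default_realm = EXAMPLE.COM
   dns_lookup_kdc = false
   # Depending on what you are testing, you may want something like:
   # default_keytab_name = FILE:/usr/local/var/keytab
[realms]
   EXAMPLE.COM = {
     admin_server = 127.0.0.1:50001
     kdc = 127.0.0.1:50000
     database_module = DB2
     kdc_ports = 50000
     kadmind_port = 50001
   }
[dbmodules]
   DB2 = {
     db_library = db2
   }
[logging]
   # Use any pathnames you want here.
   kdc = FILE:${PWD}/kdc.log
   admin_server = FILE:${PWD}/kadmin.log
# Depending on what you are testing, you may want:
# [domain_realm]
#   your.domain = EXAMPLE.COM
EOF

# Recreate the KDC profile directory from scratch, owner-only (it will hold
# the principal database and the master-key stash file).
# The expansions are quoted so a working directory containing whitespace or
# glob characters cannot split the path, and ':?' aborts instead of running
# 'rm -rf' with an empty argument should the variable ever be unset.
rm -rf -- "${KRB5_KDC_PROFILE:?}"
mkdir -p -- "${KRB5_KDC_PROFILE}"
chmod 700 -- "${KRB5_KDC_PROFILE}"

cat <<EOF >"${KRB5_KDC_PROFILE}"/kdc.conf
[kdcdefaults]
  kdc_ports = 50000
  kdc_tcp_ports = 50000

[realms]
  EXAMPLE.COM = {
    key_stash_file = ${KRB5_KDC_PROFILE}/.k5.EXAMPLE.COM
    database_module = EXAMPLE.COM
    max_life = ${lifetime}d
}

[dbmodules]
  EXAMPLE.COM = {
    db_library = db2
    database_name = ${KRB5_KDC_PROFILE}/principal
  }
EOF

# Create the database and stash the master key (-s). The two input lines
# answer the master-password prompt and its confirmation; the value is a
# fixed test password, supplied on stdin rather than on the command line.
kdb5_util create -s <<EOF
master
master
EOF

# Start the KDC in the foreground mode (-n), backgrounded by the shell.
# It is deliberately left running when this script exits (the cleanup trap
# below is disabled); the pid is printed at the end so it can be stopped.
krb5kdc -n &
krb5kdcpid=$!
#trap "kill $krb5kdcpid; wait; trap 0; exit" 0 15

# Service and host principals with random keys; the keys only ever exist in
# the KDC database and in the keytabs exported below.
kadmin.local addprinc -maxlife "${lifetime}d" -randkey DNS/ns7.example.com@EXAMPLE.COM
kadmin.local addprinc -maxlife "${lifetime}d" -randkey DNS/ns8.example.com@EXAMPLE.COM
kadmin.local addprinc -maxlife "${lifetime}d" -randkey host/machine.example.com@EXAMPLE.COM

kadmin.local ktadd -k ns7-server.keytab DNS/ns7.example.com@EXAMPLE.COM
kadmin.local ktadd -k ns8-server.keytab DNS/ns8.example.com@EXAMPLE.COM
kadmin.local ktadd -k krb5-machine.keytab host/machine.example.com@EXAMPLE.COM

# Second set; 'machine$' is single-quoted so the shell keeps the literal '$'.
kadmin.local addprinc -maxlife "${lifetime}d" -randkey 'DNS/ns9.example.com@EXAMPLE.COM'
kadmin.local addprinc -maxlife "${lifetime}d" -randkey 'DNS/ns10.example.com@EXAMPLE.COM'
kadmin.local addprinc -maxlife "${lifetime}d" -randkey 'machine$@EXAMPLE.COM'

kadmin.local ktadd -k ns9-server.keytab 'DNS/ns9.example.com@EXAMPLE.COM'
kadmin.local ktadd -k ns10-server.keytab 'DNS/ns10.example.com@EXAMPLE.COM'
kadmin.local ktadd -k ms-machine.keytab 'machine$@EXAMPLE.COM'

# Obtain TGTs from the keytabs into named credential caches, requesting the
# same long lifetime as the principals.
kinit -V -k -t krb5-machine.keytab -l "${lifetime}d" -c krb5-machine.ccache host/machine.example.com@EXAMPLE.COM
kinit -V -k -t ms-machine.keytab -l "${lifetime}d" -c ms-machine.ccache 'machine$@EXAMPLE.COM'

# Distribute server keytabs. ns8 gets a differently named file, per its
# name, for the case where the keytab is not the one KRB5_KTNAME points at.
cp ns7-server.keytab ../ns7/dns.keytab
cp ns8-server.keytab ../ns8/dns-other-than-KRB5_KTNAME.keytab
cp ns9-server.keytab ../ns9/dns.keytab
cp ns10-server.keytab ../ns10/dns.keytab

# Distribute client credential caches.
cp krb5-machine.ccache ../ns7/machine.ccache
cp krb5-machine.ccache ../ns8/machine.ccache
cp ms-machine.ccache ../ns9/machine.ccache
cp ms-machine.ccache ../ns10/machine.ccache

echo "krb5kdc pid:$krb5kdcpid"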