@Nuttymoon
Last active April 8, 2022 15:20
Create a keytab using ktutil and j2cli Python package (useful for AD tied servers)
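create-keytab.sh

```bash
#!/usr/bin/env bash
# Generate a keytab using ktutil
# Store keys encrypted with des3, aes128, aes256 and arcfour
# $1 = keytab principal
# $2 = keytab realm
# $3 = keytab filename
# $4 = principal password ('-' to prompt for password)
# $5 = kvno
if [ "$#" -eq 5 ]; then
    if [ "$4" == "-" ]; then
        echo -n "Password: "
        # -r keeps backslashes in the password literal, -s disables echo
        read -rs principal_password
    else
        # A password passed as $4 is visible in the process list and shell history
        principal_password="$4"
    fi
    echo ""
    cwd=$(dirname "$0")
    # Exported so envsubst can fill the placeholders in ktutil-lines.txt
    export principal="$1"
    export realm="$2"
    export filename="$3"
    export password="$principal_password"
    export kvno="$5"
    # Start from an empty keytab: ktutil would otherwise append to an existing file
    rm -f "$3"
    envsubst <"$cwd/ktutil-lines.txt" | ktutil
    # Owner read-only: the keytab holds long-term keys for the principal
    chmod 400 "$3"
else
    echo "Wrong number of arguments" >&2
    echo "Usage: create-keytab.sh <principal> <realm> <keytab_filename> <password> <kvno>" >&2
    exit 1
fi
```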

ktutil-lines.txt

```text
add_entry -password -p ${principal}@${realm} -k ${kvno} -e des3-cbc-sha1
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e aes128-cts-hmac-sha1-96
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e aes256-cts-hmac-sha1-96
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e arcfour-hmac
${password}
write_kt ${filename}
exit
```
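
The template above stores des3-cbc-sha1 and arcfour-hmac keys beside the AES ones, both enctypes that RFC 8429 deprecates. As an added example (not part of the original gist), this function audits `klist -kte` output for a generated keytab and reports those legacy keys, a kvno that differs from the expected one, or a missing AES key. The function name `audit_keytab`, the principal `svc-app@EXAMPLE.COM` and the sample listing are constructed for illustration, and the MIT krb5 output layout is assumed.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. audit_keytab is a hypothetical helper.
# Assumes MIT krb5 `klist -kte` layout: KVNO [date time] principal (enctype)
# Usage: klist -kte my.keytab | audit_keytab <principal@REALM> <expected_kvno>
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_keytab() {
  local findings
  findings=$(awk -v princ="$1" -v kvno="$2" '
    $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ && $(NF - 1) == princ {
      etype = $NF
      gsub(/^\(|\)$/, "", etype)        # strip the surrounding parentheses
      sub(/^DEPRECATED:/, "", etype)    # prefix printed by newer klist builds
      seen++
      if ($1 != kvno)
        printf "KVNO-MISMATCH %s has kvno %s, expected %s\n", etype, $1, kvno
      if (etype ~ /^(des|arcfour)/)     # des-*, des3-* and arcfour-* keys
        printf "WEAK-ENCTYPE %s\n", etype
      if (etype ~ /^aes/) aes++
    }
    END {
      if (!seen) print "NO-ENTRIES for " princ
      else if (!aes) print "NO-AES-KEY for " princ
    }')
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: what klist could show for a keytab built from the template.
SAMPLE_KLIST='Keytab name: FILE:svc-app.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   3 01/01/2024 10:00:00 svc-app@EXAMPLE.COM (DEPRECATED:des3-cbc-sha1)
   3 01/01/2024 10:00:00 svc-app@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   3 01/01/2024 10:00:00 svc-app@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 01/01/2024 10:00:00 svc-app@EXAMPLE.COM (DEPRECATED:arcfour-hmac)'

# Demo run; "|| true" because a keytab with findings returns 1.
printf '%s\n' "$SAMPLE_KLIST" | audit_keytab 'svc-app@EXAMPLE.COM' 3 || true
```

If the target KDC or AD domain no longer needs the legacy enctypes, removing the two matching `add_entry` pairs from `ktutil-lines.txt` makes the audit come back clean.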