sync_kerberos_data for MIT KRB

gistfile1.txt

#!/bin/bash

backup=0
kdc_secondaries=(kdc1.example.net kdc2.example.net kdc3.example.net)
default_location=/var/kerberos/krb5kdc/slave_datatrans
default_backup=/var/kerberos/krb5kdc_backup
location=$default_location
datestamp=$(date +%Y-%m-%d.%H%M%S)
verbose=0

OPTIND=1
while getopts "vh?bl:" opt ; do
    case "$opt" in
        h|\?) echo "$0  - default mode runs replication.  adding -b causes a backup to occur."
            exit 0
            ;;
        b) backup=1
            ;;
        l) location=$OPTARG
            ;;
        v) verbose=1
        ;;
        *) echo "Unknown option $opt"
            exit 1
    esac
done
shift $((OPTIND-1))


if [ ! -e /usr/sbin/kdb5_util ] ; then
    echo "Could not find /usr/sbin/kdb5_util.  Is krb5-server installed?"
    exit 1
fi

if [ ! -e /usr/sbin/kprop ] ; then
    echo "Could not find /usr/sbin/kprop.  Is krb5-server installed?"
    exit 1
fi

if [ $backup -eq 1 -a $location != $default_location ] ; then
    # we're in backup mode, let's reconfigure the script.
    if [ ! -d $location ] ; then
        echo "$location is not a directory, bailing out."
        exit 1
    fi

    location="$location/kerberos_dump.$datestamp"
elif [ $backup -eq 1 -a $location == $default_location ] ; then
    mkdir -p $default_backup
    location="$default_backup/kerberos_dump.$datestamp"
fi


if ! /usr/sbin/kdb5_util dump $location; then
    echo "kdb5_util dump failed"
fi

if [ $backup -eq 0 ] ; then
    # we're not in backup mode, so we can continue to the replication point.
    for kdc in "${kdc_secondaries[@]}" ; do
        if ! output=$(/usr/sbin/kprop "$kdc" 2>&1); then
            echo "kprop transfer to $kdc failed.  try running by hand to determine why."
            echo "error was: $output"
            continue
        else
            if [ $verbose -eq 1 ] ; then
                echo "Replication to $kdc succeeded"
            fi
        fi
    done
fi