Created
October 11, 2013 21:41
-
-
Save markllama/6942458 to your computer and use it in GitHub Desktop.
A small script, meant to be run from cloud-init, to update the dynamic hostname principals for a registered host within a Kerberos realm inside AWS EC2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # A small script to update FreeIPA host entry with EC2 dynamic host principals | |
| # | |
| # | |
| import sys, os | |
| import ldap, ldap.sasl | |
| kerberos_server_ldap_url = sys.argv[1] | |
| admin_principal_string = sys.argv[2] | |
| client_hostname = os.uname()[1] | |
| internal_hostname = sys.argv[3] | |
| external_hostname = sys.argv[4] | |
| if __name__ == "__main__": | |
| connection = ldap.initialize(kerberos_server_ldap_url) | |
| principal = ldap.sasl.gssapi(admin_principal_string) | |
| connection.sasl_interactive_bind_s('', principal) | |
| # get the host record krb5principals | |
| # remove non-canonical "aliases" | |
| # add the internal and external aliases | |
| connection.unbind() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment