matthewtckr/config_server.sh

## config_server.sh
#!/bin/bash

# Configure Script Settings
# KDC Server Name, admin user, non-admin user, default password
HOSTNAME=kerberos.muppets.com
ADMINUSER=mtucker
NORMALUSER=pentaho
PASSWORD=Pentaho123


## DO NOT EDIT BELOW THIS LINE ##

# Configure server network settings
HOSTNAME_SHORT=$(echo $HOSTNAME | cut -d. -f1)
DOMAIN=$(echo $HOSTNAME | cut -d. -f 2-)
REALM=$(echo $DOMAIN | tr '[:lower:]' '[:upper:]')
sed -i.orig "s/localhost.localdomain/$HOSTNAME/g" /etc/sysconfig/network
sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts
iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
service iptables save
service iptables restart
service network restart

# Install the kerberos components
yum install -y krb5-libs krb5-server krb5-workstation
yum -y install ntp && chkconfig ntpd on && /etc/init.d/ntpd start

# Update Kerberos Client config file
sed -i.orig "s/EXAMPLE.COM/$REALM/g" /etc/krb5.conf
sed -i.m1 "s/kerberos.example.com/$HOSTNAME/g" /etc/krb5.conf
sed -i.m2 "s/example.com/$DOMAIN/g" /etc/krb5.conf

# Update the KDC Server configuration
# Add Max Ticket Life / Renewable Life entries
sed -i.orig "s/EXAMPLE.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
sed -i.m3 's/^max_/  max_/' /var/kerberos/krb5kdc/kdc.conf
sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
sed -i.m5 's/^default_principal_flags/  default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf

# Update the Admin ACL file
sed -i.orig "s/EXAMPLE.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl

# Create the kerberos database
kdb5_util create -s -P $PASSWORD

# Create an admin user
kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"

# start the servers
service krb5kdc start
service kadmin start
chkconfig krb5kdc on
chkconfig kadmin on

# Create normal users
kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"
	#!/bin/bash

	# Configure Script Settings
	# KDC Server Name, admin user, non-admin user, default password
	HOSTNAME=kerberos.muppets.com
	ADMINUSER=mtucker
	NORMALUSER=pentaho
	PASSWORD=Pentaho123


	## DO NOT EDIT BELOW THIS LINE ##

	# Configure server network settings
	HOSTNAME_SHORT=$(echo $HOSTNAME \| cut -d. -f1)
	DOMAIN=$(echo $HOSTNAME \| cut -d. -f 2-)
	REALM=$(echo $DOMAIN \| tr '[:lower:]' '[:upper:]')
	sed -i.orig "s/localhost.localdomain/$HOSTNAME/g" /etc/sysconfig/network
	sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts
	iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
	service iptables save
	service iptables restart
	service network restart

	# Install the kerberos components
	yum install -y krb5-libs krb5-server krb5-workstation
	yum -y install ntp && chkconfig ntpd on && /etc/init.d/ntpd start

	# Update Kerberos Client config file
	sed -i.orig "s/EXAMPLE.COM/$REALM/g" /etc/krb5.conf
	sed -i.m1 "s/kerberos.example.com/$HOSTNAME/g" /etc/krb5.conf
	sed -i.m2 "s/example.com/$DOMAIN/g" /etc/krb5.conf

	# Update the KDC Server configuration
	# Add Max Ticket Life / Renewable Life entries
	sed -i.orig "s/EXAMPLE.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
	sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m5 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf

	# Update the Admin ACL file
	sed -i.orig "s/EXAMPLE.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl

	# Create the kerberos database
	kdb5_util create -s -P $PASSWORD

	# Create an admin user
	kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"

	# start the servers
	service krb5kdc start
	service kadmin start
	chkconfig krb5kdc on
	chkconfig kadmin on

	# Create normal users
	kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"