matthewtckr · May 10, 2018 02:26
diff --git a/config_server.sh b/config_server.sh
 #!/bin/bash

 # Configure Script Settings
 # KDC Server Name, admin user, non-admin user, default password
 HOSTNAME=kerberos.muppets.com
 ADMINUSER=mtucker
 NORMALUSER=pentaho
 PASSWORD=Pentaho123


 ## DO NOT EDIT BELOW THIS LINE ##

 # Configure server network settings
 HOSTNAME_SHORT=$(echo $HOSTNAME | cut -d. -f1)
 DOMAIN=$(echo $HOSTNAME | cut -d. -f 2-)
 REALM=$(echo $DOMAIN | tr '[:lower:]' '[:upper:]')
 sed -i.orig "s/localhost.localdomain/$HOSTNAME/g" /etc/sysconfig/network
 sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts
 iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
 iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
 iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
 iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
 service iptables save
 service iptables restart
 service network restart

 # Install the kerberos components
 yum install -y krb5-libs krb5-server krb5-workstation
 yum -y install ntp && chkconfig ntpd on && /etc/init.d/ntpd start

 # Update Kerberos Client config file
 sed -i.orig "s/EXAMPLE.COM/$REALM/g" /etc/krb5.conf
 sed -i.m1 "s/kerberos.example.com/$HOSTNAME/g" /etc/krb5.conf
 sed -i.m2 "s/example.com/$DOMAIN/g" /etc/krb5.conf

 # Update the KDC Server configuration
 # Add Max Ticket Life / Renewable Life entries
 sed -i.orig "s/EXAMPLE.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
 sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
 sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
 sed -i.m3 's/^max_/  max_/' /var/kerberos/krb5kdc/kdc.conf
 sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
 sed -i.m5 's/^default_principal_flags/  default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf

 # Update the Admin ACL file
 sed -i.orig "s/EXAMPLE.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl

 # Create the kerberos database
 kdb5_util create -s -P $PASSWORD

 # Create an admin user
 kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"

 # start the servers
 service krb5kdc start
 service kadmin start
 chkconfig krb5kdc on
 chkconfig kadmin on

 # Create normal users
 kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"
	#!/bin/bash

	# Configure Script Settings
	# KDC Server Name, admin user, non-admin user, default password
	HOSTNAME=kerberos.muppets.com
	ADMINUSER=mtucker
	NORMALUSER=pentaho
	PASSWORD=Pentaho123


	## DO NOT EDIT BELOW THIS LINE ##

	# Configure server network settings
	HOSTNAME_SHORT=$(echo $HOSTNAME \| cut -d. -f1)
	DOMAIN=$(echo $HOSTNAME \| cut -d. -f 2-)
	REALM=$(echo $DOMAIN \| tr '[:lower:]' '[:upper:]')
	sed -i.orig "s/localhost.localdomain/$HOSTNAME/g" /etc/sysconfig/network
	sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts
	iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
	iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
	service iptables save
	service iptables restart
	service network restart

	# Install the kerberos components
	yum install -y krb5-libs krb5-server krb5-workstation
	yum -y install ntp && chkconfig ntpd on && /etc/init.d/ntpd start

	# Update Kerberos Client config file
	sed -i.orig "s/EXAMPLE.COM/$REALM/g" /etc/krb5.conf
	sed -i.m1 "s/kerberos.example.com/$HOSTNAME/g" /etc/krb5.conf
	sed -i.m2 "s/example.com/$DOMAIN/g" /etc/krb5.conf

	# Update the KDC Server configuration
	# Add Max Ticket Life / Renewable Life entries
	sed -i.orig "s/EXAMPLE.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
	sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
	sed -i.m5 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf

	# Update the Admin ACL file
	sed -i.orig "s/EXAMPLE.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl

	# Create the kerberos database
	kdb5_util create -s -P $PASSWORD

	# Create an admin user
	kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"

	# start the servers
	service krb5kdc start
	service kadmin start
	chkconfig krb5kdc on
	chkconfig kadmin on

	# Create normal users
	kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"