Add function to get Kerberos password
This commit is contained in:
Mercier Pierre-Olivier
parent
42835c5930
commit
4405df326d
34
utils/lpt
34
utils/lpt
|
|
@ -4,6 +4,8 @@ use v5.10.1;
|
|||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Authen::Krb5;
|
||||
use Authen::Krb5::Admin;
|
||||
use Digest::SHA1;
|
||||
use IPC::Cmd qw[run];
|
||||
use MIME::Base64;
|
||||
|
|
@ -133,6 +135,37 @@ sub ldap_get_password()
|
|||
return $bindsecret;
|
||||
}
|
||||
|
||||
sub krb5_get_password()
|
||||
{
|
||||
my $krb5secret;
|
||||
if (defined($ENV{'KRB5_PASSWORD'}) && $ENV{'KRB5_PASSWORD'} ne "") {
|
||||
return $ENV{'KRB5_PASSWORD'};
|
||||
}
|
||||
|
||||
say "To avoid typing password everytime, set KRB5_PASSWORD in your env.";
|
||||
say "Do not do this in your shell configuration file!";
|
||||
say "Use a command like:\n";
|
||||
say ' $ echo -n "KRB5 password: "; read -s LDAP_PASSWORD; echo';
|
||||
say ' $ KRB5_PASSWORD=$KRB5_PASSWORD lpt ...';
|
||||
say "The last line prevent you from exporting the Kerberos password to all commands but lpt!";
|
||||
say "";
|
||||
|
||||
ReadMode("noecho");
|
||||
print BOLD, "Need KRB5 password: ", RESET;
|
||||
$krb5secret = <STDIN>;
|
||||
ReadMode("restore");
|
||||
print "\n";
|
||||
|
||||
chomp $krb5secret;
|
||||
return $krb5secret;
|
||||
}
|
||||
|
||||
sub krb5_connect()
|
||||
{
|
||||
Authen::Krb5::init_context();
|
||||
return Authen::Krb5::Admin->init_with_password("admin/admin", krb5_get_password());
|
||||
}
|
||||
|
||||
$LDAP::binddn = "cn=admin,dc=acu,dc=epita,dc=fr";
|
||||
$LDAP::secret_search = \&ldap_get_password;
|
||||
|
||||
|
|
@ -481,6 +514,7 @@ sub cmd_account_password($@)
|
|||
$mesg->entry(0)->replace("userPassword" => $enc_password);
|
||||
$mesg->entry(0)->update($ldap);
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in New Issue