From 4405df326d372c8a7d3333be48857ff376a4f5ba Mon Sep 17 00:00:00 2001 From: Mercier Pierre-Olivier Date: Sat, 14 Sep 2013 08:32:48 +0200 Subject: [PATCH] Add function to get Kerberos password --- utils/lpt | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/utils/lpt b/utils/lpt index c5309ab..5989ac1 100755 --- a/utils/lpt +++ b/utils/lpt @@ -4,6 +4,8 @@ use v5.10.1; use strict; use warnings; +use Authen::Krb5; +use Authen::Krb5::Admin; use Digest::SHA1; use IPC::Cmd qw[run]; use MIME::Base64; @@ -133,6 +135,37 @@ sub ldap_get_password() return $bindsecret; } +sub krb5_get_password() +{ + my $krb5secret; + if (defined($ENV{'KRB5_PASSWORD'}) && $ENV{'KRB5_PASSWORD'} ne "") { + return $ENV{'KRB5_PASSWORD'}; + } + + say "To avoid typing password everytime, set KRB5_PASSWORD in your env."; + say "Do not do this in your shell configuration file!"; + say "Use a command like:\n"; + say ' $ echo -n "KRB5 password: "; read -s LDAP_PASSWORD; echo'; + say ' $ KRB5_PASSWORD=$KRB5_PASSWORD lpt ...'; + say "The last line prevent you from exporting the Kerberos password to all commands but lpt!"; + say ""; + + ReadMode("noecho"); + print BOLD, "Need KRB5 password: ", RESET; + $krb5secret = ; + ReadMode("restore"); + print "\n"; + + chomp $krb5secret; + return $krb5secret; +} + +sub krb5_connect() +{ + Authen::Krb5::init_context(); + return Authen::Krb5::Admin->init_with_password("admin/admin", krb5_get_password()); +} + $LDAP::binddn = "cn=admin,dc=acu,dc=epita,dc=fr"; $LDAP::secret_search = \&ldap_get_password; @@ -481,6 +514,7 @@ sub cmd_account_password($@) $mesg->entry(0)->replace("userPassword" => $enc_password); $mesg->entry(0)->update($ldap); $ldap->unbind or die ("couldn't disconnect correctly"); + return 0; }