I got several responses to the bulk kas delete problem. The tips were
very helpful. I managed to disable login for our entire network in
the process! Turns out there is a krbtkgt entry in kas that better not
get deleted! So for those who are interested below are two scripts, perl
and csh that do what I wanted. I switched to perl to have more control
of the I/O directions.
--
Mike Heisler 607-255-7344 [EMAIL PROTECTED]
Materials Science Ctr. 302 Thurston Hall Cornell Univ, Ithaca, NY 14853-1503
"Life was better when there was only one computer."
-----------------------------------------
>"The kas command has an interactive mode that keeps admin credentials in
>memory. If you put the delete commands into a file you should be able
>to do something like "kas<extra_users_list". I will prompt you once for
>the password (reading from /dev/tty, as I recall) and then read the
>commands from stdin. "
>
>Ted Anderson
>
>We frequently have to process a lot of commands via KAS. What we have
>been doing, is sourcing a command file like the following:
>
>
>echo -n 'enter passwd for admin:'
>stty -echo
>read PASSWD
>stty echo
>kas -admin_user admin <<BLORT
>$PASSWD
>delete -name xxxxxxx
>create -name yyyyyy -initial_password Top.Secret
>...More kas commands...
>quit
>BLORT
>
>This make more sense when you have more than 2 lines to execute. However,
>even this has problems. (We are converting to calling subroutines, but
>even there we have problems.)
>
>Doing a lot of lines has a tendency to "overrun" KAS. This problem seems to
>have gotten worse as we got to newer versions of KAS. Even using the
>subroutine interface, we found that under AIX, we could process 500 commands
>and then it would fail (due to number of forked processes). This was not
>a problem under SUNos. (In our case, the command files are generated
>by programs extracting information from an Oracle database.)
>
>A fall back for a oneshot - is to go into interactive mode of KAS, and then
>cut and paste in the commands, a screenful at a time. (Gives KAS time
>to catch up).
>--
>Jon Finke [EMAIL PROTECTED]
>Senior Network Systems Engineer [EMAIL PROTECTED]
>Information Technology Services 518 276 8185 (voice)
>Rensselaer Polytechnic Institute 518 276 2809 (fax)
------------------------------------------
#!/usr/local/bin/perl
# Pipe commands to kas to delete list of users
# Usage: kasbulk.prl userlist
# Copyright 1995 Cornell University, Materials Science Center
# 03/15/95 Mike Heisler Original Coding
# It is done with a while pipe to kas because we have heard tell that
# hitting kas too rapidly in succession, like piping the list directly to kas,
# can cause data base corruption.
if ($#ARGV == -1) {
print "Must provide a filename with list of users\n";
die "Syntax: kasbulk.prl file\n";
}
print "WARNING: messing up the kaserver database will disable logins\n";
print " It is recommended that you make copies of\n";
print " /usr/afs/db/kaserver.DB{0,SYS1} on the sync site machine\n";
print " in case of problems.\n\n";
print 'Enter password for admin: ';
system ('stty','-echo');
$passwd = <STDIN>;
system ('stty','echo');
print "\n";
# open (KAS, '> kas.test');
open (KAS, "| kas interactive -admin admin");
# Set KAS output to line buffered, otherwise sleep has no affect
select((select(KAS), $| = 1)[0]);
print KAS "$passwd";
while (<>) {
# I like seeing something happening
print "Deleting from kas $_";
print KAS "delete $_";
sleep 10;
}
close KAS;
------------------------------------------
#!/bin/csh
# Copyright 1995 Cornell University, Materials Science Center
# 03/15/95 Mike Heisler Original Coding
# Pipe commands to kas to delete list of users
# Usage: kaspipe.csh filelist | kas interactive admin > kas.out
# It is done with a foreach pipe to kas because we have heard tell that
# hitting kas too quickly, like piping the list directly to kas,
# can cause data base corruption.
echo -n 'Enter password for admin:' >& /dev/tty
echo "....." >& /dev/tty
stty -echo
set PASSWD = $<
stty echo
echo $PASSWD
foreach u (`cat $1`)
# I like seeing something happening
echo "Deleting $u from kas" >& /dev/tty
echo "delete $u"
sleep 5
end
