On Wed, 2005-12-21 at 14:38 +0200, Amir Saad wrote: > i'm replacing the NIS with LDAP and Kerberos, the question is , is there any > way to automate the creation of the principals? do i have to add a pricipal > for each user in my current system or there is a tool (like ldap migration) > that can do that?
Is any tool other than kadmin needed? I don't know about your specific situtation, but I'd do it with a shell command, like this: ypcat passwd | while IFS=: read name rest; do password=$(dd if=/dev/random bs=3 count=2 2>/dev/null | encode-base64) kadmin -c "$KRB5CCNAME" -q "ank -pw $password $name" echo "$name $password" >>/tmp/newpasswords done That requires your ccache to have a valid kadmin service ticket, though. Get it with a command like "kinit -S kadmin/admin yourname/admin". It also requires a base64 encoding program. The one I used comes from Perl's MIME-Base64 module. I don't know if there might be anything wrong with this way of doing it, but in that case, I can't think of any. Hope it helps. Fredrik Tolf ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
