• Home
• org.apache.kerby
• kdc-tool
• 2.1.0
• source code
• KdcInitTool.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.kerby.kerberos.tool.kdcinit.KdcInitTool Maven / Gradle / Ivy

/**
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.kerby.kerberos.tool.kdcinit;

import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServer;
import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerConfig;
import org.apache.kerby.util.OSUtil;

import java.io.File;

/**
 * A tool to initialize KDC backend for the first time when setup the KDC.
 */
public class KdcInitTool {
    private LocalKadmin kadmin;
    private static File adminKeytabFile;
    private static File protocolKeytabFile;

    private static  final String USAGE = (OSUtil.isWindows()
            ? "Usage: bin\\kdcinit.cmd" : "Usage: sh bin/kdcinit.sh")
            + "  \n"
            + "\tThis tool initializes KDC backend and should only be performed the first time,\n"
            + "\tand the output keytabs should be carefully kept to administrate/kadmin KDC later.\n"
            + "\tExample:\n"
            + "\t\t"
            + (OSUtil.isWindows()
            ? "bin\\kdcinit.cmd" : "sh bin/kdcinit.sh")
            + " conf keytabfolder\n";

    void initKdc(File confDir) throws KrbException {
        kadmin = new LocalKadminImpl(confDir);
        try {
            kadmin.createBuiltinPrincipals();
            kadmin.exportKeytab(adminKeytabFile, kadmin.getKadminPrincipal());
            System.out.println("The keytab for kadmin principal "
                    + "has been exported to the specified file "
                    + adminKeytabFile.getAbsolutePath() + ", please keep it safe, "
                    + "in order to use kadmin tool later");

            // Export protocol keytab file for remote admin tool
            AdminServer adminServer = new AdminServer(confDir);
            AdminServerConfig adminServerConfig = adminServer.getAdminServerConfig();
            String principal = adminServerConfig.getProtocol() + "/"
                + adminServerConfig.getAdminHost() + "@" + adminServerConfig.getAdminRealm();
            kadmin.addPrincipal(principal);
            kadmin.exportKeytab(protocolKeytabFile, principal);
            System.out.println("The keytab for protocol principal "
                    + "has been exported to the specified file "
                    + protocolKeytabFile.getAbsolutePath() + ", please keep it safe, "
                    + "in order to use remote kadmin tool later");
        } finally {
            kadmin.release();
        }
    }

    public static void main(String[] args) throws KrbException {
        if (args.length != 2) {
            System.err.println(USAGE);
            System.exit(1);
        }

        String confDirPath = args[0];
        String keyTabPath = args[1];
        File confDir = new File(confDirPath);
        File keytabDir = new File(keyTabPath);
        adminKeytabFile = new File(keytabDir, "admin.keytab");
        protocolKeytabFile = new File(keytabDir, "protocol.keytab");
        if (!confDir.exists()) {
            System.err.println("The conf-dir is invalid or does not exist.");
            System.exit(2);
        }
        if (!keytabDir.exists() && !keytabDir.mkdirs()) {
            System.err.println("Could not create keytab path." + keytabDir);
            System.exit(3);
        }

        if (adminKeytabFile.exists()) {
            System.err.println("The kadmin keytab already exists in " + adminKeytabFile
                    + ", this tool may have been executed already.");
            return;
        }
        if (protocolKeytabFile.exists()) {
            System.err.println("The protocol keytab already exists in " + protocolKeytabFile
                + ", this tool may have been executed already.");
            return;
        }

        KdcInitTool kdcInitTool = new KdcInitTool();

        try {
            kdcInitTool.initKdc(confDir);
        } catch (KrbException e) {
            System.err.println("Errors occurred when initializing the kdc " + e.getMessage());
            System.exit(1);
        }

        System.out.println("Finished initializing the KDC backend");
        System.exit(0);
    }
}