Sun Enterprise Authentication Mechanism Guide

Automating the Creation of New Principals

Although the SEAM Tool is easy to use, it provides no way to automate the creation of new principals. Automation is especially useful if you need to add ten or even 100 new principals in a short amount of time. You can automate the task by using the kadmin.local command in a Bourne shell script.

The following shell script line is an example of how to do this:

sed -e 's/^\([^ ]*\)  *\([^ ]*\).*$/ank +needchange -pw \2 \1/' < princnames |
        time /usr/krb5/sbin/kadmin.local > /dev/null

This example has been split over two lines to make it more readable. The script reads in a file called princnames that contains principal names and their passwords and adds them to the Kerberos database. You would have to create the princnames file to contain a principal name and its password on each line, separated by one or more spaces. The +needchange option configures the principal so the user is prompted for a new password when logging in with the principal for the first time, which helps ensure that the passwords in the princnames file are not a security risk.

This is just one example. You can build more elaborate scripts, such as using the information in the name service to obtain the list of user names for the principal names. What you do and how you do it is up to your site needs and your scripting expertise.
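A more defensive way to build the same ank commands is sketched below. It is an added example, not part of the original guide, and it goes beyond the one-line script: it checks the permissions on princnames and rejects the whole batch if any line is malformed. The function names is_private_file and gen_ank_commands, the allowed characters for principal names, and the rule against quotes, backslashes, and a leading hyphen in passwords are assumptions chosen to be conservative, not documented SEAM requirements.

```shell
#!/bin/sh
# Added example: validate princnames before it reaches kadmin.local.
# Function names and character rules are assumptions, not SEAM requirements.

# Succeed only for a regular file with no group/other permission bits set.
is_private_file() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "principal password" lines on stdin, write one ank command per entry.
# All-or-nothing: if any line is rejected, print no commands and return 1.
gen_ank_commands() {
    out='' bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f       # split on blanks without globbing
        if [ $# -eq 0 ]; then continue; fi  # blank line
        case $1 in '#'*) continue ;; esac   # comment line
        if [ $# -ne 2 ]; then
            echo "line $n: expected 2 fields, got $#" >&2; bad=1; continue
        fi
        case $1 in *[!A-Za-z0-9._/@-]*|-*)
            echo "line $n: unexpected character in principal" >&2; bad=1; continue ;;
        esac
        case $2 in *\"*|*\'*|*\\*|-*)
            echo "line $n: password has a quote, backslash or leading -" >&2
            bad=1; continue ;;
        esac
        out="${out}ank +needchange -pw $2 $1
"
    done
    [ "$bad" -eq 0 ] || return 1
    printf '%s' "$out"
}

# Constructed sample input (not real accounts); prints two ank commands.
printf '%s\n' 'alice  Tmp-4xQz' '# contractor' 'bob/admin Tmp-9kLm' | gen_ank_commands

# On the KDC (not run here; refuses a group- or world-readable file):
#   is_private_file princnames && gen_ank_commands < princnames |
#       /usr/krb5/sbin/kadmin.local > /dev/null
```

Error messages report only the line number, so the passwords never appear in the script's diagnostics.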