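#!@l_bash@
##
##  heimdal-setup -- Kerberos setup procedure
##
##  Usage: heimdal-setup <realm> <domain>
##
##  Replaces the EXAMPLE.COM / example.com placeholders in kdc.conf and
##  krb5.conf, stashes a random master key, initialises the realm database
##  and adds the admin/admin, host/<fqdn> and iprop/<fqdn> principals,
##  exporting keytab entries for the latter two.
##

#   Print an error message on stderr and abort.
die () {
    printf '%s\n' "$0:ERROR: $*" >&2
    exit 1
}

#   Succeed only for a non-empty name made of letters, digits, ".", "_"
#   and "-" that does not start with "-" or ".".  The realm, domain and
#   host are interpolated into sed scripts (";" delimiter), kadmin command
#   lines and file paths, so anything else must never get that far.
valid_name () {
    case "$1" in
        '' | -* | .* | *[!A-Za-z0-9._-]* ) return 1 ;;
    esac
    return 0
}

#   rewrite_config <file> <sed-args...>
#   Filter <file> through sed into <file>.new and copy the result back.
#   A failed sed aborts the script instead of copying an empty or
#   truncated .new file over the live configuration.
rewrite_config () {
    local conf=$1
    shift
    if ! sed "$@" <"$conf" >"$conf.new"; then
        rm -f "$conf.new"
        die "unable to rewrite $conf"
    fi
    cp -p "$conf.new" "$conf" || die "unable to update $conf"
    rm -f "$conf.new"
}

#   Feed one command line (the arguments joined by single blanks) to the
#   local kadmin, exactly as the piped "echo -n" sequences did before.
kadmin_local () {
    printf '%s\n' "$*" | @l_prefix@/sbin/kadmin -l -p admin/admin
}

if [ $# -ne 2 ]; then
    #   the usage line had lost its argument placeholders
    echo "USAGE: $0 <realm> <domain>"
    echo "EXAMPLE: $0 EXAMPLE.COM example.com"
    exit 1
fi

#   explicit alphabets keep the case conversion independent of the locale
realm=$(printf '%s\n' "$1" | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
domain=$(printf '%s\n' "$2" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz')
valid_name "$realm"  || die "invalid realm name \"$1\""
valid_name "$domain" || die "invalid domain name \"$2\""

#   shtool expands %h to the local host name
host=$(@l_prefix@/lib/openpkg/shtool echo -e "%h.$domain")
valid_name "$host" || die "unable to determine a usable host name (got \"$host\")"

echo "++ configure Kerberos realm \"$realm\""
rewrite_config @l_prefix@/etc/heimdal/kdc.conf \
    -e "s;EXAMPLE\.COM;$realm;g" \
    -e "s;example\.com;$domain;g"
rewrite_config @l_prefix@/etc/heimdal/krb5.conf \
    -e "s;kerberos1\.example\.com;$host;" \
    -e "s;kerberos2\.example\.com;$host;" \
    -e "s;EXAMPLE\.COM;$realm;g" \
    -e "s;example\.com;$domain;g"

echo "++ creating Kerberos database"
#   Stop here on failure rather than initialise a database without the
#   stashed master key.
@l_prefix@/sbin/kstash --random-key \
    --key-file="@l_prefix@/var/heimdal/db/$realm.mkey" \
    || die "unable to stash the master key"
kadmin_local init \
    --realm-max-ticket-life=unlimited \
    --realm-max-renewable-life=unlimited \
    "$realm"

echo "++ adding administrator \"admin@$realm\" to Kerberos database"
acl="@l_prefix@/var/heimdal/db/$realm.acl"
#   create the ACL file under a restrictive umask so that it is never
#   readable or writable by others, not even before the chmod below
( umask 077; echo "*/admin@$realm all" >"$acl" )
chmod 600 "$acl"
chown @l_susr@:@l_mgrp@ "$acl"
#   NOTE(security): the administrator principal is created with the fixed,
#   well-known password "admin".  It is kept for compatibility with the
#   documented setup procedure and has to be replaced right after setup;
#   see the notice printed at the end of this script.
kadmin_local add \
    --password=admin \
    --max-ticket-life=1day --max-renewable-life=1week \
    --expiration-time=never --pw-expiration-time=never \
    '--attributes=""' \
    "admin/admin@$realm"

echo "++ adding host \"host/$host\" to Kerberos database"
kadmin_local add \
    --random-key \
    --max-ticket-life=1day --max-renewable-life=1week \
    --expiration-time=never --pw-expiration-time=never \
    '--attributes=""' \
    "host/$host"

echo "++ exporting keytab file for \"host/$host\" from Kerberos database"
kadmin_local ext_keytab "host/$host"

echo "++ adding ipropd master \"iprop/$host\" to Kerberos database"
kadmin_local add \
    --random-key \
    --max-ticket-life=1day --max-renewable-life=1week \
    --expiration-time=never --pw-expiration-time=never \
    '--attributes=""' \
    "iprop/$host"

#   this message used to name host/$host although iprop/$host is exported
echo "++ exporting keytab file for \"iprop/$host\" from Kerberos database"
kadmin_local ext_keytab "iprop/$host"

echo "++ NOTICE: \"admin/admin@$realm\" still has the default password \"admin\"" >&2
echo "++ NOTICE: change it now: @l_prefix@/sbin/kadmin -l passwd admin/admin@$realm" >&2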