How do I run kadmin from a shell script unattended?
To do this, it’s important to understand that to authenticate to Kerberos, one of two things has to happen:

1. A human has to enter a secret at some point.
2. A secret has to be stored somewhere on a computer.

You can play some funny games with either of these two things, but it basically boils down to #1 or #2.

Now, to truly run kadmin unattended, you need to store the secret key of a privileged user somewhere on the computer that will run kadmin. That means that if the system is ever compromised, the attacker could gain access to this secret key and use it to do nasty things to your Kerberos database. You need to decide if you want to open yourself up to this risk.

That being said ... here’s how you do it.

1. Create the admin principal you wish to use.
2. Put the key for the admin principal somewhere on your machine.
3. Use kinit to acquire a Kerberos ticket for the principal from the keytab, and run kadmin with the -q option to perform whatever tasks you wish.

Here’s an example of a sh
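
The procedure above as an added example (not the script from the original FAQ), which also refuses to run if the stored key is readable by anyone but its owner. It assumes the MIT Kerberos client tools; the keytab path, the principal name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: unattended kadmin from a keytab, with a check on the stored key.
# Assumed values (not from the page): keytab path and admin principal below.
KEYTAB=${KEYTAB:-/etc/krb5/kadmin-batch.keytab}      # hypothetical path
ADMIN_PRINC=${ADMIN_PRINC:-batch/admin@EXAMPLE.COM}  # hypothetical principal

# Return 0 only if the keytab is a regular file (not a symlink), owned by the
# invoking user, with no group or other permission bits set.
keytab_is_private() {
    kt=$1
    [ -f "$kt" ] && [ ! -L "$kt" ] && [ -O "$kt" ] || return 1
    case $(ls -ld -- "$kt") in
        -???------*) return 0 ;;   # e.g. -rw------- or -r--------
        *)           return 1 ;;
    esac
}

# Acquire an initial ticket for the kadmin/admin service from the keytab into
# a throwaway credential cache, run one query, then destroy the cache so no
# admin ticket is left on disk. Some sites use kadmin/<adminhost> instead.
run_kadmin_query() {
    query=$1
    keytab_is_private "$KEYTAB" || {
        echo "refusing to run: $KEYTAB is missing or not private" >&2
        return 2
    }
    ccdir=$(mktemp -d) || return 3
    cc="FILE:$ccdir/cc"
    rc=0
    kinit -c "$cc" -S kadmin/admin -k -t "$KEYTAB" "$ADMIN_PRINC" &&
        kadmin -c "$cc" -p "$ADMIN_PRINC" -q "$query" || rc=$?
    kdestroy -q -c "$cc" 2>/dev/null
    rm -rf "$ccdir"
    return "$rc"
}

# Example call from a cron job or wrapper script:
#   run_kadmin_query "listprincs"
```

Giving the batch principal only the kadmin privileges its queries need limits what a stolen keytab can do to the Kerberos database.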