From 15010d062ae276a92065cd6ea7dc94b749e20756 Mon Sep 17 00:00:00 2001
From: Lexi Winter
Date: Wed, 4 Jun 2025 10:42:19 +0100
Subject: allow PREFIX to be customised
---
kerberos.sh.in | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+)
create mode 100644 kerberos.sh.in
(limited to 'kerberos.sh.in')
diff --git a/kerberos.sh.in b/kerberos.sh.in
new file mode 100644
index 0000000..41d99c2
--- /dev/null
+++ b/kerberos.sh.in
@@ -0,0 +1,86 @@
+#! /bin/sh
+# This source code is released into the public domain.
+
+. __LIBDIR__/init.sh
+. __LIBDIR__/dnsutils.sh
+
+# begin, done or failed
+ACTION=$1
+# ACME method, must be dns-01.
+METHOD=$2
+# This is the full domain name we're authorising.
+DOMAIN=$3
+# Token name, not used for dns-01.
+TOKEN=$4
+# The token value we need to create.
+AUTH=$5
+
+if [ "$#" -ne 5 ]; then
+ _fatal "missing arguments"
+fi
+
+if [ "$METHOD" != "dns-01" ]; then
+ exit 1
+fi
+
+if [ -z "$ACME_KERBEROS_PRINCIPAL" ]; then
+ ACME_KERBEROS_PRINCIPAL="host/$(hostname)"
+fi
+
+if [ -z "$ACME_KERBEROS_KEYTAB" ]; then
+ ACME_KERBEROS_KEYTAB="/etc/krb5.keytab"
+fi
+
+if ! kinit -k -t "$ACME_KERBEROS_KEYTAB" "$ACME_KERBEROS_PRINCIPAL"; then
+ _fatal "failed to obtain a Kerberos ticket"
+fi
+
+# Add a new record using nsupdate.
+_add_record() {
+ local domain="$1"
+ local auth="$2"
+
+ nsupdate -g <