add_user.bash
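#!/bin/bash
# add_user.bash — provision one Kafka client identity, in three steps:
#   1. a 4096-bit RSA key, a CSR and a certificate signed by the client CA
#      (written to clients/<name>/<name>.{key,csr,crt});
#   2. a Kerberos principal "<name>@$LDAP_DOMAIN_UPPER" in the KDC container;
#   3. that principal's keytab, copied back to clients/<name>/<name>.keytab.
#
# Usage:  bash add_user.bash <name>
# Env:    .env in the current directory must define LDAP_DOMAIN_UPPER.
#         CERT_DAYS (optional) overrides the certificate lifetime in days.
# Needs:  openssl, docker, realpath; a running KDC container; the CA files
#         ../../CAForClientKafka/ca.{crt,key} relative to clients/<name>.
#
# Every step depends on the previous one (key -> CSR -> cert; principal ->
# keytab -> copy), so the script stops at the first failure instead of
# carrying on and producing a half-provisioned user.
set -euo pipefail

readonly KDC_CONTAINER=centralized-log-kafka-kdc
# Relative to clients/<name>, i.e. evaluated after the cd below.
readonly CA_DIR=../../CAForClientKafka

# Print an error to stderr and exit non-zero.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Usage error: message to stderr, non-zero status (callers can detect it).
usage() {
  printf 'Invalid args. Example: bash add_user.bash testuser\n' >&2
  exit 1
}

#######################################
# Reject user names that are unsafe to use as a path component or inside a
# kadmin query. The name becomes a directory under clients/, several file
# names and part of "addprinc"/"ktadd" command lines, so it is restricted to
# an allow-list: letters, digits, '.', '_', '-', and it may not start with
# '-' (option-like) or '.' ('..' / hidden files). Names outside this set
# (spaces, '/', quotes, '@', non-ASCII) are refused.
# Arguments: $1 - candidate user name
# Returns:   0 if acceptable; exits via die() otherwise
#######################################
validate_name() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || die "invalid user name: '$1'"
}

#######################################
# Create key/CSR/certificate, KDC principal and keytab for one user.
# Globals:   LDAP_DOMAIN_UPPER (read, from .env), CERT_DAYS (read, optional)
# Arguments: $1 - user name
# Outputs:   progress messages and the keytab path on stdout
#######################################
main() {
  [[ $# -eq 1 && -n ${1:-} ]] || usage
  local name=$1
  validate_name "$name"

  # .env is sourced from the current directory (as before); make a missing
  # file or a missing LDAP_DOMAIN_UPPER an explicit error rather than an
  # empty-realm principal later on.
  [[ -f .env ]] || die ".env not found in $PWD"
  # shellcheck disable=SC1091
  source .env
  : "${LDAP_DOMAIN_UPPER:?must be set (expected in .env)}"
  # The original hard-coded 999999 days is kept as the default; override via
  # CERT_DAYS for shorter-lived client certificates.
  local cert_days=${CERT_DAYS:-999999}

  mkdir -p -- "clients/$name"
  # If the cd fails, every following write would land in the wrong directory,
  # so this is checked explicitly even under set -e.
  cd -- "clients/$name" || die "cannot cd to clients/$name"
  [[ -f $CA_DIR/ca.crt && -f $CA_DIR/ca.key ]] \
    || die "CA files not found in $CA_DIR (relative to $PWD)"

  ## 1. TLS client certificate
  # Private key. Recent openssl releases are believed to create it 0600
  # already; the chmod makes that explicit regardless of umask/version.
  openssl genrsa -out "$name.key" 4096
  chmod 600 -- "$name.key"
  # Certificate Signing Request (CSR)
  openssl req -sha512 -new \
    -subj "/C=RU/ST=Stavropol region/L=Stavropol/O=Some ORG/OU=Some dep/CN=$name" \
    -key "$name.key" \
    -out "$name.csr"
  # v3 extensions for the certificate: not a CA, client-auth only,
  # SAN carries the user name.
  cat >"v3-$name.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=$name
EOF
  # Certificate generation: sign the CSR with the client CA.
  openssl x509 -req -sha512 -days "$cert_days" \
    -extfile "v3-$name.ext" \
    -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -CAcreateserial \
    -in "$name.csr" \
    -out "$name.crt"

  ## 2. Kerberos principal and keytab
  local user="$name@${LDAP_DOMAIN_UPPER}"
  # ${user} is spliced into the kadmin query string; validate_name() is what
  # keeps it free of quotes/whitespace. NOTE(review): "-it" needs a TTY, so
  # this is expected to be run from an interactive terminal — confirm.
  echo "Create user KDC ${user}"
  docker exec -it "$KDC_CONTAINER" kadmin.local -q "addprinc -randkey ${user}"
  echo "Done ${user}"
  echo "Create keytab ${name}.keytab"
  docker exec -it "$KDC_CONTAINER" kadmin.local -q "ktadd -k /${name}.keytab ${user}"
  echo "Done ${name}.keytab"

  ## 3. Copy the keytab out of the container
  echo "Copy local ${name}"
  docker cp "$KDC_CONTAINER:/${name}.keytab" "${name}.keytab"
  # The keytab is a credential equivalent to the principal's password.
  chmod 600 -- "${name}.keytab"
  echo "Done ${name}"
  echo '--------------keytab--------------'
  realpath -- "${name}.keytab"
  echo '----------------------------------'
}

main "$@"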