How to automate ktutil to immediately list keytab entries?

I use MIT ktutil a lot on Linux and I am fed up with using the following sequence, even if command shortcuts and file name completion are here to help:

rkt my.keytab

Isn’t there a way to get the same result in a “one-line” way from the shell? Either with an alias, a function, or just with another tool?

Asked By: Yves Martin


I found a way with a shell function, after guessing ktutil may accept commands from stdin:

rkt() { echo -e "read_kt $1\nlist\nquit" | ktutil | grep -v "^ktutil:"; }

And invoke with rkt my.keytab

Works as long as the file name contains no space.

Answered By: Yves Martin
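
A variant of the shell function above that also accepts file names containing spaces (an added example, not part of the original answer). It assumes ktutil's command parser honours double-quoted arguments; `ktutil_script` is a hypothetical helper name, and names containing a double quote or a newline are rejected so they cannot end the quoted argument or add extra ktutil commands.

```bash
# Added example: build the ktutil command script separately from running it,
# so the file name is validated before anything reaches ktutil's stdin.

# ktutil_script FILE: print the ktutil commands that list FILE.
ktutil_script() {
    nl='
'
    case $1 in
        '')
            echo "usage: rkt KEYTAB" >&2
            return 2 ;;
        *\"*|*"$nl"*)
            # A quote would close the argument early; a newline would start
            # a new ktutil command (for example a write to another keytab).
            echo "rkt: unsupported character in file name" >&2
            return 1 ;;
    esac
    # printf '%s' copies the name verbatim; echo -e would expand
    # backslash sequences that happen to appear in it.
    printf 'read_kt "%s"\nlist\nquit\n' "$1"
}

# rkt FILE: list the entries of FILE, hiding the echoed ktutil prompts.
rkt() {
    ktutil_script "$1" >/dev/null || return    # validate first
    [ -r "$1" ] || { echo "rkt: cannot read $1" >&2; return 1; }
    ktutil_script "$1" | ktutil | grep -v '^ktutil:'
}

# Usage: rkt "my file.keytab"
```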

I always use klist instead of ktutil to list the contents of keytab files.

Example #1 – klist

$ klist -kt /etc/somedir/conf/some.keytab
Keytab name: FILE:/etc/somedir/conf/some.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   5 08/25/15 11:18:35 app/host1.dom.local@TD.COM
   5 08/25/15 11:18:35 app/host1.dom.local@TD.COM
   5 08/25/15 11:18:35 app/host1.dom.local@TD.COM
   7 08/25/15 11:18:35 app/host2.dom.local@TD.COM

Example #2 – process substitution

You can also use a redirect to ktutil’s STDIN like so:

$ ktutil < <(echo -e "rkt /etc/somedir/conf/some.keytab\nlist")
ktutil:  rkt /etc/somedir/conf/some.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    5 app/host1.dom.local@TD.COM
   2    5 app/host1.dom.local@TD.COM
   3    5 app/host1.dom.local@TD.COM
   4    7 app/host1.dom.local@TD.COM
Answered By: slm

This can help to merge 2 keytabs, using standard input, for use in a shell script:

ktutil < <(echo -e "rkt /var/tmp/keytab/merge/krb5.keytab.server.keytab1\n
rkt /var/tmp/keytab/merge/krb5.keytab.server.keytab1\n
wkt /var/tmp/keytab/merge/krb5.keytab\nquit")
ktutil:  rkt /var/tmp/keytab/merge/krb5.keytab.server.keytab1
ktutil:  rkt /var/tmp/keytab/merge/krb5.keytab.server.keytab1
ktutil:  wkt /var/tmp/keytab/merge/krb5.keytab
ktutil:  quit
Answered By: Vikas Arora

Other answers provide a way to run a series of ktutil commands and then exit.

It’s more difficult to do a series of commands and then get an interactive session, with full line editing capabilities.

You can achieve this with a script for the expect program, which should be available to install from your distro.

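#!/usr/bin/expect -f
# Linux passes "expect -f" to env as one argument, so the interpreter is
# named directly here; adjust the path if expect is installed elsewhere.
# Start ktutil, read the keytab named on the command line and list it.
spawn ktutil
send "read_kt [lrange $argv 0 1]\nl\n"
# Ctrl-Z (\032) suspends this wrapper; Ctrl-C (\003) exits it.
set CTRLZ \032
interact {
 -reset $CTRLZ {exec kill -STOP [pid]}
 \003 exit
}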

Save as myktutil somewhere in your PATH and make it executable with chmod +x

Then you can do, for example:

$ myktutil foo.keytab

This will read in the keytab file foo.keytab, list the keys and then drop you into the interactive command at that point.

Extending the script to do non-trivial things will require familiarization with expect and the Tcl language.

Answered By: João Matos