Sophie

Sophie

distrib > Mandriva > current > i586 > media > contrib-release-src > by-pkgid > 4104eddea4e2fcc111477e3f2b91a03f > files > 1

nagios-check_kdc-20050715-9mdv2010.1.src.rpm

#!/bin/sh

# Check Kerberos KDC functioning for Nagios by getting a ticket using a keytab.
# Dave Love <fx@gnu.org>, 2005-07-15

if [ -f /bin/basename ]; then
    PROGNAME=`/bin/basename $0`
else
    PROGNAME=`/usr/bin/basename $0`
fi
REVISION=1.0
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`

. $PROGPATH/utils.sh

usage () {
    echo "\
Kerberos 5 KDC plugin for Nagios

-H, --hostname=HOST	Name of KDC to check
-P, --port=PORT		Port on which KDC runs (default 88)
-p, --principal=NAME	Principal name to authenticate as (including realm)
-k, --keytab=FILE	Keytab file containing principal's key
-h, --help 		Print this help
--version 		Print version"
}

help () {
    print_revision $PROGNAME $REVISION
    echo; usage; echo; support
}

cleanup () {
    /usr/kerberos/bin/kdestroy -c "$cc" >/dev/null 2>/dev/null
    rm -f "$conf"
    exit $state
}

maketemp () {
    # We may or may not have mktemp, and it may or may not require an arg.
    TMPDIR=${TMPDIR:-/tmp}
    ( mktemp ) 2>/dev/null ||
    ( mktemp "$TMPDIR/nagios.XXXXXX" ) 2>/dev/null ||
    echo "$TMPDIR/nagios.$$"
}

port=88
while [ $# -gt 0 ]; do
    case $1 in
	-h|--help) help; exit $STATE_OK;;
	-H|--hostname) shift; kdc=$1; shift;;
	-P|--port) shift; port=$1; shift;;
	-p|--principal) shift; principal=$1; shift;;
	-k|--keytab) shift; keytab=$1; shift;;
        --version | -V)
            print_revision $PROGNAME $REVISION
            exit $STATE_OK;;
	*) usage; exit $STATE_UNKNOWN;;
    esac
done
if [ -z "$kdc" -o -z "$principal" -o -z "$keytab" ]; then
    usage; exit $STATE_UNKNOWN
fi
case $principal in
    *@*) ;;
    *) usage; exit $STATE_UNKNOWN;;
esac
kdc=${kdc}:${port}
realm=`echo $principal|sed -e s/.*@//`

state=$STATE_CRITICAL
trap cleanup EXIT

conf=`maketemp`

cat >"$conf" <<EOF
[libdefaults]
default_realm = $realm
[realms]
$realm = { 
kdc = $kdc
}
[appdefaults]
krb4_get_tickets = false
EOF

cc=`maketemp`

# NB, Heimdal may give something like
# `kinit: NOTICE: ticket renewable lifetime is 1 week'
# on stderr when it succeeds.
err=`/usr/kerberos/bin/kinit -c "$cc" -k -t "$keytab" "$principal" 2>&1`

if [ $? -eq 0 ]; then
    echo OK
    state=$STATE_OK
else
    echo "CRITICAL Getting Kerberos ticket: `echo $err \(credentials for $principal from $keytab\) | head -n 1`"
fi

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional