#!/bin/sh

set -ex

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.##

HOST="$1"

kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
logger -t gosa-modify-host -p notice Krb5 principals and keytab file for host \'$HOST\' created.

# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs

# clean-up Kerberos host keytabs
/usr/share/debian-edu-config/tools/clean-up-host-keytabs

exit 0
