#!/bin/bash

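# usage: add_client_principal client_hostname
#
# Deletes and re-creates the nfs/ service principal for client_hostname, so
# any key previously issued for that client stops working. Writes the new key
# to /root/<client_hostname>.keytab and also copies it into /etc/krb5.keytab.
# Uses kadmin.local, so it must run as root on the KDC host.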

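# Fail on unset variables instead of silently expanding them to an empty
# string inside a principal name or a file path.
set -u

# Exactly one non-empty argument is required; without it the script would
# otherwise operate on the principal "nfs/.<domain>" and on /root/.keytab.
if [[ $# -ne 1 || -z "$1" ]]; then
  printf 'usage: %s client_hostname\n' "$0" >&2
  exit 2
fi

CLIENT=$1

# The hostname is pasted into the command streams read by kadmin.local and
# ktutil and into a path under /root. Accept only letters, digits, dots and
# hyphens (starting and ending with a letter or digit), so an argument cannot
# carry a newline, whitespace, '/' or '@' and thereby add extra commands or
# point the keytab path somewhere else.
readonly host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$CLIENT" =~ $host_re ]]; then
  printf 'error: invalid client hostname: %q\n' "$CLIENT" >&2
  exit 2
fi

readonly service="nfs/$CLIENT.{{ domain }}"
readonly principal="${service}@{{ domain | upper }}"
readonly keytab="/root/$CLIENT.keytab"

# Keytabs hold long-term keys: make every file created below private to root
# from the moment it exists rather than relying on each tool's own mode
# handling.
umask 077

# Drop any existing entries for this principal from the default keytab and
# delete the principal itself. On a first run both commands report "not
# found"; that is expected and deliberately not treated as an error.
kadmin.local << EOF
ktremove $principal all
delprinc -force $principal
EOF

# A keytab left over from an earlier run holds keys of the principal that was
# just deleted. ktadd appends to an existing file, so remove it first;
# otherwise the stale keys would be copied into /etc/krb5.keytab below.
rm -f -- "$keytab"

# Re-create the principal with a random key and export it to the per-client
# keytab.
kadmin.local << EOF
ktremove $service all
addprinc -randkey $principal
ktadd -k $keytab $principal
EOF

# The kadmin.local run above is not checked command by command, so verify
# that the export produced a keytab before merging it anywhere.
if [[ ! -s "$keytab" ]]; then
  printf 'error: %s was not created; principal %s not exported\n' \
    "$keytab" "$principal" >&2
  exit 1
fi

# Append the client's key to this host's default keytab.
# NOTE(review): this leaves a copy of the client's nfs/ key on this host in
# addition to the per-client keytab; confirm that is intended.
ktutil << EOF
read_kt $keytab
write_kt /etc/krb5.keytab
quit
EOF

# NOTE(review): group "sudo" with mode 640 lets every member of that group
# read the client's long-term key, and anyone holding it can authenticate as
# the client's nfs/ principal. Kept as in the original; consider root:root
# with mode 600 if group members only need to copy the file via sudo.
chown root:sudo -- "$keytab"
chmod 640 -- "$keytab"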
