#!/bin/sh

. /etc/sysconfig/system

[ "$SERVER_ROLE" = "master" ] || exit 0

. shell-error
. shell-signal
. alterator-kdc-princ-functions

SSH=$(type -p trust-ssh)
SCP=$(type -p trust-scp)

[ -n "$SSH" -a -n "$SCP" ] || exit 0

cleanup()
{
    [ -z "$temp" ] || rm -fr -- "$temp"
}

temp="$(mktemp -dt ${0##*/}.XXXXXXXX)"
set_cleanup_handler cleanup

addkeytab()
{
    local host="$1"
    shift
    genkeytab $temp/krb5.keytab $host
    $SCP $temp/krb5.keytab $host:/etc/krb5.keytab

    if $SSH $host test -d /etc/squid; then
	genkeytab $temp/squid.keytab $host
	$SCP $temp/squid.keytab $host:/etc/squid/squid.keytab
	$SSH $host chown squid.squid /etc/squid/squid.keytab
    fi

    if $SSH $host test -d /etc/dovecot; then
	genkeytab $temp/dovecot.keytab $host
	$SCP $temp/dovecot.keytab $host:/etc/dovecot/dovecot.keytab
	$SSH $host chown dovecot.dovecot /etc/dovecot/dovecot.keytab
    fi
}

case "$2" in
    add) addkeytab "$1" ;;
    *) message "unknown action $2, skipped"
esac
