0

I am trying to create a keytab file when I build the image. Here is what I am running on one of our Red Hat boxes:

ktutil
ktutil:  add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts
Password for $user_id@DOMAIN.COM:
ktutil:  wkt $user_id.keytab
ktutil:  quit

and it generates the keytab.

I am trying to do this on Docker and I am running:

RUN ktutil && echo "add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts" && echo "$user_pass" && echo "wkt $user_id.keytab" && echo "quit"

It's doing this:

Step 22/27 : RUN ktutil && echo "add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts" && echo "$user_pass" && echo "wkt $user_id.keytab" && echo "quit"
 ---> Running in b186efb561fc
ktutil:  add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts
$user_pass
wkt $user_id.keytab
quit

So it runs the first command and then exits ktutil? How should I format the RUN command? Is there a trick to getting this to stay in ktutil?

user3831011

3 Answers

2

This question is not really Docker-specific. It is about how to run ktutil in non-interactive mode, and I found an existing question which covers that: Script Kerberos Ktutil to make keytabs.

We can apply ideas from that answer to create a keytab file in Docker:

FROM centos

# These variables just for demonstration here,
# ideally should be passed as 
ARG user_id
ARG user_pass

# Should check here whether the above arguments 
# have been actually passed to the build

# Install dependencies
# Add new entry to keytab file and list all entries afterwards
RUN yum install -y krb5-workstation.x86_64 \
    && echo -e "add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts\n$user_pass\nwkt $user_id.keytab" | ktutil \
    && echo -e "read_kt $user_id.keytab\nlist" | ktutil

When I run the build for the above Dockerfile with this command:

docker build -t ktutil --build-arg user_id=test --build-arg user_pass=test_pass .

I can see the following results:

ktutil:  add_entry -password -p test@DOMAIN.COM -k 1 -e aes256-cts
Password for test@DOMAIN.COM:
ktutil:  wkt test.keytab
ktutil:  ktutil:  read_kt test.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    1                          test@DOMAIN.COM

Igor Nikolaev

0

Try:

ktutil:  add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts
Password for $user_id@DOMAIN.COM:
ktutil:  add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts
Password for $user_id@DOMAIN.COM:
ktutil:
0

We managed to fix it like so:

RUN printf 'add_entry -password -p $user_id@DOMAIN.COM -k 1 -e aes256-cts\n$user_pass\nwkt $user_id.keytab' | ktutil
user3831011
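
The same non-interactive `ktutil` input as in the answers above, as an added example that is not from any of the posts. It reads the password from a file, assumed here to be a BuildKit secret mount, because values passed with `--build-arg` are recorded in the image metadata and shown by `docker history`. The file name `make_keytab.sh`, the secret id `user_pass` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original posts.
# Assumed use from a Dockerfile (BuildKit), with this file copied in as make_keytab.sh:
#   RUN --mount=type=secret,id=user_pass \
#       sh make_keytab.sh "$user_id" /run/secrets/user_pass
#   docker build --secret id=user_pass,src=pass.txt --build-arg user_id=test .

# Print the stdin ktutil expects. printf '%s\n' emits every argument
# literally, so '%' or '\' in the password is not reinterpreted as it would
# be by `echo -e` or by placing the password inside a printf format string.
ktutil_script() {
    printf '%s\n' \
        "add_entry -password -p $1 -k 1 -e aes256-cts" \
        "$2" \
        "wkt $3" \
        "quit"
}

# make_keytab USER_ID SECRET_FILE [REALM]: validate inputs, then run ktutil.
make_keytab() {
    user_id=$1 secret_file=$2 realm=${3:-DOMAIN.COM}
    nl='
'
    # The user id ends up in a ktutil command line and in a file name.
    case $user_id in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user id" >&2; return 1 ;;
    esac
    [ -r "$secret_file" ] || { echo "cannot read $secret_file" >&2; return 1; }
    password=$(cat "$secret_file")      # $(...) drops trailing newlines
    # An embedded newline would make ktutil read the rest as a command.
    case $password in
        ''|*"$nl"*) echo "empty or multi-line password" >&2; return 1 ;;
    esac
    ktutil_script "$user_id@$realm" "$password" "$user_id.keytab" \
        | ktutil >/dev/null || return 1
    [ -s "$user_id.keytab" ] || { echo "keytab not written" >&2; return 1; }
    chmod 600 "$user_id.keytab"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then make_keytab "$@"; fi
```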