Added AI generated scaffold based on OpenLDAP project structure.

entrypoint.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+set -e
+
+REALM="${KRB5_REALM:-EXAMPLE.ORG}"
+DOMAIN="${KRB5_DOMAIN:-example.org}"
+KDC_HOST="${KRB5_KDC_HOST:-localhost}"
+MASTER_PASSWORD="${KRB5_MASTER_PASSWORD:-changeit}"
+ADMIN_PRINCIPAL="${KRB5_ADMIN_PRINCIPAL:-admin}"
+ADMIN_PASSWORD="${KRB5_ADMIN_PASSWORD:-changeit}"
+
+cat > /etc/krb5.conf <<EOF
+[libdefaults]
+    default_realm = ${REALM}
+    dns_lookup_realm = false
+    dns_lookup_kdc = false
+
+[realms]
+    ${REALM} = {
+        kdc = ${KDC_HOST}
+        admin_server = ${KDC_HOST}
+    }
+
+[domain_realm]
+    .${DOMAIN} = ${REALM}
+    ${DOMAIN} = ${REALM}
+EOF
+
+cat > /etc/krb5kdc/kdc.conf <<EOF
+[kdcdefaults]
+    kdc_ports = 88
+
+[realms]
+    ${REALM} = {
+        database_name = /var/lib/krb5kdc/principal
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/.k5.${REALM}
+        kdc_ports = 88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = aes256-cts
+        supported_enctypes = aes256-cts:normal aes128-cts:normal
+    }
+EOF
+
+cat > /etc/krb5kdc/kadm5.acl <<EOF
+${ADMIN_PRINCIPAL}/admin@${REALM} *
+EOF
+
+if [ ! -f /var/lib/krb5kdc/principal ]; then
+    echo "Initializing Kerberos realm ${REALM}..."
+    kdb5_util create -s -P "${MASTER_PASSWORD}" -r "${REALM}"
+    kadmin.local -q "addprinc -pw ${ADMIN_PASSWORD} ${ADMIN_PRINCIPAL}/admin@${REALM}"
+    echo "Realm initialized."
+fi
+
+krb5kdc -n &
+KDC_PID=$!
+
+kadmind -nofork &
+KADMIND_PID=$!
+
+wait -n $KDC_PID $KADMIND_PID