check_kdc

Works well allthough the documentation is pretty lacking. I had to change the path to kinit in the script to:

/usr/bin/kinit

Otherwise it worked out of the box. Great!

Here is a patch to make it authenticate using Kerberos password as well and not just keytab. I have also hard-coded the path for utils.sh as it was in a different location from where I stored this plugin. So modify utils.sh path according to your environment.

4a5
> # Modified by Rahul Amaram
12d12
. /usr/lib/nagios/plugins/utils.sh
23a25
> -w, --password=PASSWORD Password for the principal
54a57
> -w|--password) shift; password=$1; shift;;
61c64
if [ -z "$kdc" -o -z "$principal" ] || [ -z "$keytab" -a -z "$password" ]; then
92c95,99
&1`
---
> if [ -n "$password" ]; then
> err=`KRB5_CONFIG=$conf expect -c "log_user 0; spawn kinit -c \"$cc\" \"$principal\"; expect -re \"Password for .*: \"; send \"$password\r\"; expect eof; send_user \"\\$expect_out(buffer)\"; catch wait result; exit [lindex \\$result 3]"`
> else
> err=`KRB5_CONFIG=$conf kinit -c "$cc" -k -t "$keytab" "$principal" 2>&1`
> fi
98c105
echo "CRITICAL Getting Kerberos ticket: `echo $err | sed -r 's/^.*?kinit:\s*//' | head -n 1`"