#!/usr/bin/bash

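# Create a local-KDC principal named "userdb:<name>" for an account that
# userdbctl can resolve on this host.
#
# Usage:    <script> USERNAME
# Requires: userdbctl and localkdc-kadmin on PATH.
# Exit:     1 on usage error, missing tool, unknown user or unparsable
#           userdbctl output; otherwise the status of localkdc-kadmin,
#           which replaces this process via exec.

# Print a diagnostic to stderr and exit with status 1, so that errors never
# mix with data on stdout.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

if [ $# -lt 1 ]; then
    printf 'Usage: %s USERNAME\n' "${0##*/}" >&2
    exit 1
fi

localkdc_kadmin="$(command -v localkdc-kadmin)"
if [ -z "${localkdc_kadmin}" ]; then
    die "Can't find localkdc-kadmin"
fi

user="${1}"
# "--" ends option parsing, so a USERNAME beginning with "-" is looked up as
# a name instead of being interpreted as a userdbctl option.
out="$(userdbctl --output=classic user -- "${user}")" ||
    die "ERROR: Can't find user [${user}] on this system!"

# The classic output is colon-separated; field 1 is the name as userdb
# reports it. Only the first line is used so that unexpected extra output
# cannot put a newline into the principal name.
normalized_user="$(awk -F ':' 'NR == 1 { print $1; exit }' <<< "${out}")"
if [ -z "${normalized_user}" ]; then
    printf '%s\n' "ERROR: Can't parse normalized user:" "${out}" >&2
    exit 1
fi
# NOTE(review): "@" and "/" have structural meaning in Kerberos principal
# names. If userdb can return names containing them on this system, confirm
# whether they must be rejected or escaped before building the principal.
user_entry="userdb:${normalized_user}"

# Key/salt list handed to addprinc -e: the AES-SHA2 enctypes come first and
# the AES-SHA1 ones follow. In MIT kadmin keysalt lists, ":special" selects
# a random salt - assuming localkdc-kadmin follows the same semantics.
readonly enctypes="aes256-cts-hmac-sha384-192:special, aes128-cts-hmac-sha256-128:special, aes256-cts-hmac-sha1-96:special, aes128-cts-hmac-sha1-96:special"
# Principal attributes, passed through unchanged. In MIT kadmin,
# +requires_preauth makes the KDC require pre-authentication before it
# issues a ticket for the principal.
# NOTE(review): in MIT kadmin, -allow_tix forbids issuing any ticket for the
# principal - confirm this is the intended policy for these entries.
readonly -a options=("-allow_tix" "+requires_preauth")

# Quoted so that a tool path containing whitespace stays a single word.
exec "${localkdc_kadmin}" addprinc -e "${enctypes}" "${options[@]}" "${user_entry}"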
