check_kadmin
check_kadmin.pl is a plugin for monitoring the kadmin daemon.
It uses an admin user with minimal privileges and a keytab to connect to the kadmin daemon to check if the daemon is accepting connections and authenticating users.
Usage:
./check_kadmin.pl [-h] | [-p port] [-w warn time] [-c critical time] -u admin_princ -k keytab -r realm
Options:
Flag | Description |
---|---|
-h, --help | Print this help message |
-p, --port | Specify a port to use (default is kadmin) |
-w, --warning | Return a warning if plugin takes greater than -w seconds |
-c, --critical | Exit critical if plugin reaches -c seconds |
-u, --user | Specifies the kadmin admin account to login with |
-k, --keytab | Specifies the keytab file containing the key |
-r, --realm | Specifies the realm |
Note:
You should create an admin prinicple for this plugin and use an ACL to give it minimal privilages. It only has to be abel to connect to the kadmin daemon. You will need to configure your krb5.conf file for each realm you wish to test.