在 C:\ProgramData\MIT\Kerberos5 目录下创建文件,命名为 checkKerberos.ps1,内容如下:
# File: CheckAndRenewKerberos.ps1
# (the surrounding instructions save this script as checkKerberos.ps1)
#
# The keytab is produced on the Kerberos server without changing the password:
#   kadmin.local -q "xst -norandkey -k ~/USER@EXAMPLE.COM.keytab USER@EXAMPLE.COM"
#
# NOTE(review): because of -norandkey the keytab holds the principal's current
# long-term keys, so whoever can read the file can obtain tickets as that
# principal until the keys are changed. Copy it over a protected channel and
# restrict its ACL to the account that runs this script; confirm that
# C:\ProgramData\MIT\Kerberos5 is not readable or writable by ordinary users.

# Kerberos identity the ticket is kept alive for.
$principal = 'USER@EXAMPLE.COM'
# Keytab that stands in for the principal's password when kinit is called.
$keytab = 'C:\ProgramData\MIT\Kerberos5\USER@EXAMPLE.COM.keytab'
# Host that must answer a ping before any ticket check is attempted.
$masterIP = 'master'
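function Test-KerberosPrincipalExpired {
    <#
    .SYNOPSIS
    Tells the caller whether a new ticket has to be obtained for a principal.

    .DESCRIPTION
    Returns $true when the klist listing does not mention the principal, or
    when "klist -s" exits non-zero (cache unreadable or expired). Returns
    $false only when the principal is listed and the cache is still valid.

    The earlier version read $matches[1] although its pattern had no capture
    group, so the expiry date was never parsed, and it used the principal as
    an unescaped regex ('.' matched any character).

    .PARAMETER principal
    Principal name to look for, e.g. USER@EXAMPLE.COM.

    .OUTPUTS
    System.Boolean
    #>
    param (
        [string]$principal
    )

    # Nothing to look for: report "expired" so the caller tries to authenticate.
    if ([string]::IsNullOrWhiteSpace($principal)) {
        return $true
    }

    # Match the principal as a literal, whitespace-delimited token so that
    # regex metacharacters in the name cannot widen the match.
    $tokenPattern = '(^|\s)' + [regex]::Escape($principal) + '(\s|$)'

    $listed = $false
    foreach ($line in (@(klist) -split "`r?`n")) {
        if ($line -match $tokenPattern) {
            $listed = $true
            break
        }
    }
    if (-not $listed) {
        return $true
    }

    # Let klist judge validity instead of parsing a locale-dependent date.
    # NOTE(review): -s is the MIT klist "silent" switch (exit status 1 when the
    # cache cannot be read or is expired). Windows' built-in klist.exe does not
    # implement it - confirm the MIT binary is the one found first on PATH.
    klist -s | Out-Null
    return ($LASTEXITCODE -ne 0)
}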
# Set to $true whenever a check ends with a usable ticket; it is only written
# here, never read, in the visible script.
$ticketRenewed = $false

# Endless watchdog: one pass every five minutes.
while ($true) {
    # A single ping decides whether the master host is reachable right now.
    $masterReachable = Test-Connection -ComputerName $masterIP -Count 1 -Quiet

    if (-not $masterReachable) {
        Write-Host "无法ping通master主机"
    } else {
        Write-Host "测试连接master主机成功"

        # Ask whether the cached ticket for the principal is missing or expired.
        $isExpired = Test-KerberosPrincipalExpired -principal $principal

        if (-not $isExpired) {
            Write-Output "Kerberos票据未过期,无需续期。"
            $ticketRenewed = $true
        } else {
            Write-Output "Kerberos票据已过期,开始自动续期..."

            # NOTE(review): -A wipes every cache in the collection, and this
            # branch is also reached when the principal was simply not listed,
            # so tickets held for other principals are discarded as well.
            kdestroy -A

            # Obtain a fresh ticket non-interactively from the keytab.
            kinit -kt $keytab $principal
            # $? must be read immediately after kinit; any statement in
            # between would overwrite it.
            $renewSucceeded = $?

            # Error message the original author recorded at this step:
            # kinit.exe: Failed to store credentials: Internal credentials cache error while getting initial credentials
            if ($renewSucceeded) {
                Write-Output "Kerberos票据已成功续期。"
                $ticketRenewed = $true
            } else {
                Write-Output "自动续期失败。请检查问题并手动续期。"
            }
        }
    }

    # Pause 300 seconds (five minutes) before the next check.
    Write-Output "等待5分钟,下一次检查"
    Start-Sleep -Seconds 300
}
执行命令,可以创建bat或者计划任务执行
powershell -File "C:\ProgramData\MIT\Kerberos5\checkKerberos.ps1"
可以加入开机启动,联网后会自动巡检
创建计划任务,由它执行 auto.ps1 脚本(内容如下),实现开机后在后台无窗口运行:
# Launches checkKerberos.ps1 in a separate powershell.exe process with no
# visible window. -ExecutionPolicy Bypass turns off the execution-policy check
# for that process and -NoProfile skips profile scripts.
# NOTE(review): whatever file sits at this path runs unattended at every boot,
# so the script and its folder should be writable only by administrators and
# the account the scheduled task runs as - confirm the ACL on
# C:\ProgramData\MIT\Kerberos5 before enabling the task.
Start-Process -FilePath "powershell.exe" -ArgumentList "-ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command & {& 'C:\ProgramData\MIT\Kerberos5\checkKerberos.ps1'}"