adjust_hostname() {
    local myhostname="$1"

    echo "${myhostname}" > /etc/hostname
    hostname "${myhostname}"
    if ! grep -qE "${myhostname}" /etc/hosts; then
        # just so it's resolvable
        echo "127.0.1.10 ${myhostname}" >> /etc/hosts
    fi
}

create_realm() {
    local realm_name="$1"
    local kerberos_server="$2"

    # start fresh
    rm -rf /var/lib/krb5kdc/*
    rm -rf /etc/krb5kdc/*
    rm -f /etc/krb5.keytab

    # setup some defaults
    cat > /etc/krb5kdc/kdc.conf <<EOF
[kdcdefaults]
    kdc_ports = 750,88
[realms]
    ${realm_name} = {
	    database_name = /var/lib/krb5kdc/principal
	    admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
	    acl_file = /etc/krb5kdc/kadm5.acl
	    key_stash_file = /etc/krb5kdc/stash
	    kdc_ports = 750,88
	    max_life = 10h 0m 0s
	    max_renewable_life = 7d 0h 0m 0s
	    master_key_type = des3-hmac-sha1
	    #supported_enctypes = aes256-cts:normal aes128-cts:normal
	    default_principal_flags = +preauth
    }
EOF

    cat > /etc/krb5.conf <<EOF
[libdefaults]
    default_realm = ${realm_name}
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    fcc-mit-ticketflags = true
[realms]
	${realm_name} = {
		kdc = ${kerberos_server}
		admin_server = ${kerberos_server}
	}
EOF
    echo "# */admin *" > /etc/krb5kdc/kadm5.acl

    # create the realm
    kdb5_util create -s -P secretpassword

    # restart services
    systemctl restart krb5-kdc.service krb5-admin-server.service
}

create_krb_principal() {
    local principal="$1"
    local password="$2"

    kadmin.local -q "addprinc -pw ${password} ${principal}" 2>/dev/null
}

create_krb_svc_principal() {
    local principal="$1"

    kadmin.local -q "addprinc -randkey ${principal}" 2>/dev/null
}

extract_principal_key_into_keytab() {
    local principal="$1"

    kadmin.local -q "ktadd ${principal}"
}

