# NOTE(review): the number at the start of each line is the original file's
# line number, carried over from the listing; it is not part of the script.
#
# kssh: limit the ssh client to GSSAPI (Kerberos ticket) authentication, so a
# missing or expired ticket fails the login instead of falling back to another
# method.
1 alias kssh='ssh -o preferredauthentications=gssapi-with-mic'
# pssh: limit the ssh client to password / keyboard-interactive authentication.
# Unlike kssh, the secret typed here is delivered to the remote sshd.
2 alias pssh='ssh -o preferredauthentications=password,keyboard-interactive'
# Drop any existing `kinit` alias; stderr is discarded because unalias reports
# an error when no such alias exists.
# NOTE(review): presumably this clears the way for a kinit wrapper defined
# later in the file - confirm.
4 unalias kinit 2>/dev/null
# Kerberos credential-cache setup for a login shell: normalise KRB5CCNAME,
# reuse or copy an existing FILE: cache, and build a private cache under sudo.
# NOTE(review): the leading numbers are the original file's line numbers and
# they skip, so several bodies, `else` arms and closing `fi`/`done` lines are
# not visible in this listing.
#
# `1 = 0` is always false, so this test can never succeed and whatever it
# guards is disabled; where the guarded region ends is not visible here.
# `-a` inside `[ ]` is obsolescent; `[ a ] && [ b ]` is the unambiguous form.
5 if [ 1 = 0 -a -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
7 # Canonicalise the cache name.
# "${KRB5CCNAME##*:}" equals the original only when the value has no colon,
# i.e. no cache-type prefix; such a bare path is treated as a FILE: cache.
8 if [ -n "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then
9 export KRB5CCNAME="FILE:$KRB5CCNAME"
# Branch taken when SUDO_UID is empty or unset.
12 if [ ! "$SUDO_UID" ]; then
# `klist -s` prints nothing and reports through its exit status whether the
# current cache holds usable tickets.
13 if klist -s 2>/dev/null; then
14 # We already have a ticket cache. Renew it.
17 # Try to find an existing cache but only if we are using FILE: caches.
# Runs klist with KRB5CCNAME unset and keeps the text that follows the last
# `FILE:` on a line, up to a closing parenthesis.
# NOTE(review): `$((` also opens arithmetic expansion; bash falls back to
# command substitution here, but `$( (unset KRB5CCNAME; ...) | sed ... )` with
# a space avoids relying on that.
18 default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p')
19 if [ ! -z "$default" ]; then
20 # Check for Exceed onDemand stupidity.
21 if [ "$KRB5CCNAME" = "FILE:" ]; then
25 # Check for bogus FILE: KRB5CCNAME.
26 if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then
27 export KRB5CCNAME="FILE:$KRB5CCNAME"
# Strip the FILE: prefix; if nothing was stripped the cache is of another type.
31 ccname="${KRB5CCNAME##FILE:}"
32 if [ "$ccname" = "$KRB5CCNAME" ]; then
33 # Our cache isn't a file cache. Throw it away.
38 # Remember if nullglob was on.
41 # Turn it on so we can look for caches safely.
# $default is left unquoted so the trailing `*` globs; it is also word-split.
# NOTE(review): the glob accepts every file whose name starts with the default
# cache path, and `klist -s -c` only checks that a cache holds valid tickets,
# not whose they are. If that path sits in a shared directory (not shown here
# - confirm), a file created by another local user would be adopted. Requiring
# `[ -O "$cache" ] && [ ! -L "$cache" ]` before use would restrict the search
# to regular caches owned by the current user.
44 for cache in $default*; do
45 if klist -s -c "$cache"; then
46 if [ ! "$cache" = "$ccname" ]; then
47 # It may not be safe to simply point the environment to this
48 # cache as it may belong to a session which is about to end.
49 # Therefore we copy it.
# -p keeps the source file's mode and timestamps on the copy; a failed copy
# just moves on to the next candidate.
50 cp -p "$cache" "$ccname" || continue
57 # Maybe turn nullglob back off.
# ng is assigned on a line not shown. It is unquoted here, so an empty or
# unset value makes `[` fail and nullglob gets switched off.
58 [ $ng = 0 ] || shopt -u nullglob
61 # By now we should have found a cache if there's one to find.
# No usable tickets: fall back to an interactive kinit.
62 klist -s 2>/dev/null || kinit
# NOTE(review): presumably the sudo arm of the SUDO_UID test above - the
# matching `if` cannot be confirmed with lines missing.
64 elif [ ! -z "$KRB5CCNAME" ]; then
65 # Don't break permissions of inherited cache under sudo.
66 cache="${KRB5CCNAME##FILE:}"
67 if [ ! "$cache" = "$KRB5CCNAME" ]; then
# New cache path: the first `_<SUDO_UID>` in the inherited path becomes
# `_<UID>_sudo_<SUDO_UID>`, and `_<shell pid>` is appended.
# NOTE(review): that name is predictable, and the `>` redirection below follows
# an existing symlink and creates the file with umask-derived permissions.
# Original lines 70-71 are not shown and may already handle this - confirm;
# otherwise creating the file with mktemp under a restrictive umask removes
# the guesswork.
68 ccname="${cache/_$SUDO_UID/_${UID}_sudo_$SUDO_UID}_$$"
69 export KRB5CCNAME="FILE:$ccname"
# Copy the bytes instead of the file, so the new cache is a fresh file created
# by the current user rather than the inherited one.
72 if cat "$cache" > "$ccname" 2>/dev/null; then
# `a && b || c`: kinit runs both when the copied cache is unusable and when the
# renewal (-R) fails. $PRINCIPAL is unquoted, so an empty value passes no
# argument at all.
73 klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
# Fallback: cache contents supplied base64-encoded in the environment.
74 elif [ -n "$KRB5BASE64" ]; then
75 if [ -n "$KRB5OPENSSL" ]; then
# `builtin echo` keeps the encoded credentials off any command line; openssl
# `enc -a -d` base64-decodes them into the cache file.
# NOTE(review): the program run here is whatever KRB5OPENSSL names, and the
# credentials stay in the environment until the unset below; both values must
# come from a trusted source - verify against whatever sets them.
76 builtin echo "$KRB5BASE64" | $KRB5OPENSSL enc -a -d -out "$ccname"
78 unset KRB5BASE64 KRB5OPENSSL
80 # XXX: Don't kinit every time if we aren't root.
81 # TODO: Split the "set my cache" and "get my credentials" parts so
82 # that becoming a user other than root will work without
84 rm "$ccname" 2>/dev/null
# Destroy the tickets when this shell exits; kdestroy is called without
# arguments.
87 trap "kdestroy 2>/dev/null" EXIT
# Clear the helper variables used above.
93 unset cache ccname default ng
# NOTE(review): presumably the body of a `kinit` wrapper function whose header
# and closing lines are not visible in this listing; the leading numbers are
# the original file's line numbers. `args` is assigned on a line not shown.
97 if [ -n "$KRB5CCNAME" ]; then
# Add `-c <cache>` only when the caller's arguments do not already contain
# "-c ". The cache has to be named explicitly because the exec below clears
# the environment, so kinit would not see KRB5CCNAME.
# NOTE(review): krb5ccname is not reset anywhere in the visible lines, so a
# value left over from an earlier call could be reused - confirm against the
# missing lines.
99 [ "${args/-c /}" = "$args" ] && krb5ccname="-c $KRB5CCNAME"
# Subshell: the cd to / and the exec do not affect the calling shell.
# `builtin cd` bypasses any cd function or alias; `exec -c` starts kinit with
# an empty environment. $krb5ccname is unquoted on purpose so it splits into
# two words, which breaks if the cache path contains whitespace.
# ${1+"$@"} is the old-shell spelling of "$@".
101 ( builtin cd /; exec -c kinit $krb5ccname ${1+"$@"} )