+ # Remember if nullglob was on.
+ shopt -q nullglob
+ ng=$?
+ # Turn it on so we can look for caches safely.
+ shopt -s nullglob
+
+ for cache in $default*; do
+ if klist -s -c "$cache"; then
+ if [ ! "$cache" = "$ccname" ]; then
+ # It may not be safe to simply point the environment to this
+ # cache as it may belong to a session which is about to end.
+ # Therefore we copy it.
+ cp -p "$cache" "$ccname" || continue
+ fi
+ kinit -R &>/dev/null
+ break
+ fi
+ done
+
+ # Maybe turn nocaseglob back off.
+ [ $ng = 0 ] || shopt -u nullglob
+ fi
+
+ # By now we should have found a cache if there's one to find.
+ klist -s 2>/dev/null || kinit
+ fi
+ elif [ ! -z "$KRB5CCNAME" ]; then
+ # Don't break permissions of inherited cache under sudo.
+ cache="${KRB5CCNAME##FILE:}"
+ if [ ! "$cache" = "$KRB5CCNAME" ]; then
+ ccname="${cache/_$SUDO_UID/_sudo_$SUDO_UID}_$$"
+ export KRB5CCNAME="FILE:$ccname"
+ if cat "$cache" > "$ccname" 2>/dev/null; then
+ klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
+ else
+ # XXX: Don't kinit every time if we aren't root.
+ # TODO: Split the "set my cache" and "get my credentials" parts so
+ # that becoming a user other than root will work without
+ # extraneous kinits.
+ rm "$ccname" 2>/dev/null
+ fi
+ trap "kdestroy 2>/dev/null" EXIT