- # Remember if nullglob was on.
- shopt -q nullglob
- ng=$?
- # Turn it on so we can look for caches safely.
- shopt -s nullglob
-
- for cache in $default*; do
- if klist -s -c "$cache"; then
- if [ ! "$cache" = "$ccname" ]; then
- # It may not be safe to simply point the environment to this
- # cache as it may belong to a session which is about to end.
- # Therefore we copy it.
- cp -p "$cache" "$ccname" || continue
+ # By now we should have found a cache if there's one to find.
+ klist -s 2>/dev/null || kinit
+ fi
+ elif [ ! -z "$KRB5CCNAME" ]; then
+ # Don't break permissions of inherited cache under sudo.
+ cache="${KRB5CCNAME##FILE:}"
+ if [ ! "$cache" = "$KRB5CCNAME" ]; then
+ ccname="${cache/_$SUDO_UID/_${UID}_sudo_$SUDO_UID}_$$"
+ export KRB5CCNAME="FILE:$ccname"
+ (
+ umask 077
+ if cat "$cache" > "$ccname" 2>/dev/null; then
+ klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
+ elif [ -n "$KRB5BASE64" ]; then
+ if [ -n "$KRB5OPENSSL" ]; then
+ builtin echo "$KRB5BASE64" | $KRB5OPENSSL enc -a -d -out "$ccname"