- if cat "$cache" > "$ccname" 2>/dev/null; then
- klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
- else
- # XXX: Don't kinit every time if we aren't root.
- # TODO: Split the "set my cache" and "get my credentials" parts so
- # that becoming a user other than root will work without
- # extraneous kinits.
- rm "$ccname" 2>/dev/null
- fi
+ (
+ umask 077
+ if cat "$cache" > "$ccname" 2>/dev/null; then
+ klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
+ elif [ -n "$KRB5BASE64" ]; then
+ if [ -n "$KRB5OPENSSL" ]; then
+ builtin echo "$KRB5BASE64" | $KRB5OPENSSL enc -a -d -out "$ccname"
+ fi
+ unset KRB5BASE64 KRB5OPENSSL
+ else
+ # XXX: Don't kinit every time if we aren't root.
+ # TODO: Split the "set my cache" and "get my credentials" parts so
+ # that becoming a user other than root will work without
+ # extraneous kinits.
+ rm "$ccname" 2>/dev/null
+ fi
+ )