X-Git-Url: http://git.iain.cx/?a=blobdiff_plain;f=.profile.d%2Fkrb5.bashrc;h=9a1f2e94894f5c5c8368bf35f92b292e925a6f84;hb=d6ccc8abb1b587d6c9e2b4f416c1236cc61e7c3c;hp=979bd710267f6a81ff4ddfe9abac3595780f0a0a;hpb=7b6dd8b88884f5a74776de2a4af4142b11ee6fef;p=profile.git

diff --git a/.profile.d/krb5.bashrc b/.profile.d/krb5.bashrc
index 979bd71..9a1f2e9 100644
--- a/.profile.d/krb5.bashrc
+++ b/.profile.d/krb5.bashrc
@@ -61,15 +61,23 @@ if [ -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
       if [ ! "$cache" = "$KRB5CCNAME" ]; then
         ccname="${cache/_$SUDO_UID/_${UID}_sudo_$SUDO_UID}_$$"
         export KRB5CCNAME="FILE:$ccname"
-        if cat "$cache" > "$ccname" 2>/dev/null; then
-          klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
-        else
-          # XXX: Don't kinit every time if we aren't root.
-          # TODO: Split the "set my cache" and "get my credentials" parts so
-          #       that becoming a user other than root will work without
-          #       extraneous kinits.
-          rm "$ccname" 2>/dev/null
-        fi
+        (
+          umask 077
+          if cat "$cache" > "$ccname" 2>/dev/null; then
+            klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
+          elif [ -n "$KRB5BASE64" ]; then
+            if [ -n "$KRB5OPENSSL" ]; then
+              builtin echo "$KRB5BASE64" | $KRB5OPENSSL enc -a -d -out "$ccname"
+            fi
+            unset KRB5BASE64 KRB5OPENSSL
+          else
+            # XXX: Don't kinit every time if we aren't root.
+            # TODO: Split the "set my cache" and "get my credentials" parts so
+            #       that becoming a user other than root will work without
+            #       extraneous kinits.
+            rm "$ccname" 2>/dev/null
+          fi
+        )
         trap "kdestroy 2>/dev/null" EXIT
       fi
     fi