alias kssh='ssh -o preferredauthentications=gssapi-with-mic'
alias pssh='ssh -o preferredauthentications=password,keyboard-interactive'
-if [ $UID -gt 0 -a -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
+if [ -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
if tty -s; then
- if klist -s 2>/dev/null; then
- # We already have a ticket cache. Renew it.
- kinit -R &>/dev/null
- else
- # Try to find an existing cache but only if we are using FILE: caches.
- default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p')
- if [ ! -z "$default" ]; then
- # Check for Exceed onDemand stupidity.
- if [ "$KRB5CCNAME" = "FILE:" ]; then
- unset KRB5CCNAME
- fi
+ if [ $UID -gt 0 ]; then
+ if klist -s 2>/dev/null; then
+ # We already have a ticket cache. Renew it.
+ kinit -R &>/dev/null
+ else
+ # Try to find an existing cache but only if we are using FILE: caches.
+ default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p')
+ if [ ! -z "$default" ]; then
+ # Check for Exceed onDemand stupidity.
+ if [ "$KRB5CCNAME" = "FILE:" ]; then
+ unset KRB5CCNAME
+ fi
- # Check for bogus FILE: KRB5CCNAME.
- if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then
- export KRB5CCNAME="FILE:$KRB5CCNAME"
- fi
+ # Check for bogus FILE: KRB5CCNAME.
+ if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then
+ export KRB5CCNAME="FILE:$KRB5CCNAME"
+ fi
- # Find the file.
- ccname="${KRB5CCNAME##FILE:}"
- if [ "$ccname" = "$KRB5CCNAME" ]; then
- # Our cache isn't a file cache. Throw it away.
- ccname="$default"
- unset KRB5CCNAME
- fi
+ # Find the file.
+ ccname="${KRB5CCNAME##FILE:}"
+ if [ "$ccname" = "$KRB5CCNAME" ]; then
+ # Our cache isn't a file cache. Throw it away.
+ ccname="$default"
+ unset KRB5CCNAME
+ fi
- # Remember if nullglob was on.
- shopt -q nullglob
- ng=$?
- # Turn it on so we can look for caches safely.
- shopt -s nullglob
-
- for cache in $default*; do
- if klist -s -c "$cache"; then
- if [ ! "$cache" = "$ccname" ]; then
- # It may not be safe to simply point the environment to this
- # cache as it may belong to a session which is about to end.
- # Therefore we copy it.
- cp -p "$cache" "$ccname" || continue
+ # Remember if nullglob was on.
+ shopt -q nullglob
+ ng=$?
+ # Turn it on so we can look for caches safely.
+ shopt -s nullglob
+
+ for cache in $default*; do
+ if klist -s -c "$cache"; then
+ if [ ! "$cache" = "$ccname" ]; then
+ # It may not be safe to simply point the environment to this
+ # cache as it may belong to a session which is about to end.
+ # Therefore we copy it.
+ cp -p "$cache" "$ccname" || continue
+ fi
+ kinit -R &>/dev/null
+ break
fi
- kinit -R &>/dev/null
- break
- fi
- done
+ done
+
+ # Maybe turn nocaseglob back off.
+ [ $ng = 0 ] || shopt -u nullglob
+ fi
- # Maybe turn nocaseglob back off.
- [ $ng = 0 ] || shopt -u nullglob
+ # By now we should have found a cache if there's one to find.
+ klist -s 2>/dev/null || kinit
+ fi
+ elif [ -n "$KRB5CCNAME" ]; then
+ # Don't break permissions of inherited cache under sudo.
+ cache="${KRB5CCNAME##FILE:}"
+ if [ ! "$cache" = "$KRB5CCNAME" ]; then
+ ccname="${cache/_$SUDO_UID/_sudo_$SUDO_UID}_$$"
+ cat "$cache" > "$ccname"
+ export KRB5CCNAME="FILE:$ccname"
+ klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit
fi
fi
-
- # By now we should have found a cache if there's one to find.
- klist -s 2>/dev/null || kinit
fi
fi
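Review bot: In the new `elif [ -n "$KRB5CCNAME" ]` branch, which runs as root, `cat "$cache" > "$ccname"` writes the copied ticket cache to a predictable name (`…_sudo_$SUDO_UID_$$`) under whatever umask root has. If the cache sits in a shared directory such as /tmp (likely for FILE: caches, though not shown here), the redirect follows a pre-existing symlink and the copy may be created readable by other local users. Creating the file atomically with mode 0600 avoids both: `ccname=$(mktemp "${cache}_sudo_XXXXXX") && cat "$cache" > "$ccname" && export KRB5CCNAME="FILE:$ccname"`. Separately, `klist -s … && kinit -R … || kinit` also falls through to the interactive `kinit` when `kinit -R` fails, which deserves a comment if that is intended. The visible lines never remove the copy, so cleanup at logout may be needed elsewhere in the file.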