cd
export TERMINFO=$BECOME_HOME/.terminfo
. $BECOME_HOME/.profile.d/ps1.bashrc
+. $BECOME_HOME/.profile.d/krb5.bashrc
__ps1
vim=$($BECOME_HOME/opt/bin/find_working vim 2>/dev/null)
if [ -n "$vim" ]; then
if [ -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
if tty -s; then
- if [ $UID -gt 0 ]; then
+ if [ ! "$SUDO_UID" ]; then
if klist -s 2>/dev/null; then
# We already have a ticket cache. Renew it.
kinit -R &>/dev/null
# By now we should have found a cache if there's one to find.
klist -s 2>/dev/null || kinit
fi
- elif [ -n "$KRB5CCNAME" ]; then
+ elif [ ! -z "$KRB5CCNAME" ]; then
# Don't break permissions of inherited cache under sudo.
cache="${KRB5CCNAME##FILE:}"
if [ ! "$cache" = "$KRB5CCNAME" ]; then
ccname="${cache/_$SUDO_UID/_sudo_$SUDO_UID}_$$"
- cat "$cache" > "$ccname"
export KRB5CCNAME="FILE:$ccname"
- klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit
+ if cat "$cache" > "$ccname" 2>/dev/null; then
+ klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit $PRINCIPAL
+ else
+ # XXX: Don't kinit every time if we aren't root.
+ # TODO: Split the "set my cache" and "get my credentials" parts so
+ # that becoming a user other than root will work without
+ # extraneous kinits.
+ rm "$ccname" 2>/dev/null
+ fi
trap "kdestroy 2>/dev/null" EXIT
fi
fi
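Review bot: The added line `if cat "$cache" > "$ccname" 2>/dev/null; then` still copies the inherited ticket cache to a name built from `$SUDO_UID` and `$$` using plain redirection, so the copy's mode depends on the current umask and an existing file or symlink at that path is followed. Creating the target first with a restrictive mode, e.g. `ccname=$(umask 077; mktemp "${cache}_sudo_XXXXXX")`, would avoid both. `export KRB5CCNAME="FILE:$ccname"` also runs before the copy is known to have succeeded, so on the `else` path the variable is left pointing at the file that `rm` just removed; moving the export into the success branch would keep the inherited value. `kinit $PRINCIPAL` is unquoted; `kinit ${PRINCIPAL:+"$PRINCIPAL"}` keeps the no-argument fallback for an empty value without word-splitting it. The enclosing `if tty -s` block continues past the visible lines.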
exit 1
fi
+PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
BECOME="$HOME/.become"
profile="$BECOME/$user"
[ -f "$profile" ] || profile="$BECOME/all"
-exec sudo -H -u "$user" env BECOME_HOME="$HOME" /bin/bash --rcfile "$profile"
+exec sudo -H -u "$user" env BECOME_HOME="$HOME" PRINCIPAL=$PRINCIPAL /bin/bash --rcfile "$profile"
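Review bot: `PRINCIPAL=$PRINCIPAL` on the new `exec sudo` line is unquoted, so whitespace or a glob character in the value taken from `klist` would change the argument list that `env` receives instead of staying inside the variable; write `PRINCIPAL="$PRINCIPAL"`. The value is scraped from human-readable `klist` output with `sed`, so it would also be worth checking that it is non-empty and shaped like a principal before forwarding it into the target user's environment, and dropping the assignment otherwise. A short comment above the `PRINCIPAL=$(klist …)` line, such as `# Forward our default principal so the target shell can kinit as us.`, would explain why the variable crosses the sudo boundary.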