From 45fb1b72065d46a90b4379793989d519512dec7b Mon Sep 17 00:00:00 2001 From: Iain Patterson Date: Fri, 17 Apr 2009 10:19:03 +0000 Subject: [PATCH] Smarter krb5 cache initialisation. If we don't have valid credentials but there are some useful credentials somewhere then copy those credentials into our cache. git-svn-id: https://svn.cambridge.iain.cx/profile/trunk@186 6be0d1a5-5cfe-0310-89b6-964be062b18b --- .profile.d/krb5.bashrc | 52 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 4 deletions(-) diff --git a/.profile.d/krb5.bashrc b/.profile.d/krb5.bashrc index 12b8ea1..a0fdd52 100644 --- a/.profile.d/krb5.bashrc +++ b/.profile.d/krb5.bashrc @@ -1,12 +1,56 @@ # $Id$ alias kssh='ssh -o preferredauthentications=gssapi-with-mic' alias pssh='ssh -o preferredauthentications=password,keyboard-interactive' -if [ $UID -gt 0 ]; then + +if [ $UID -gt 0 -a -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then if tty -s; then - if klist -s; then - kinit -R + if klist -s 2>/dev/null; then + # We already have a ticket cache. Renew it. + kinit -R &>/dev/null else - kinit + # Try to find an existing cache but only if we are using FILE: caches. + default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p') + if [ ! -z "$default" ]; then + # Check for bogus FILE: KRB5CCNAME. + if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then + export KRB5CCNAME="FILE:$KRB5CCNAME" + fi + + # Find the file. + ccname="${KRB5CCNAME##FILE:}" + if [ "$ccname" = "$KRB5CCNAME" ]; then + # Our cache isn't a file cache. Throw it away. + ccname="$default" + unset KRB5CCNAME + fi + + # Remember if nullglob was on. + shopt -q nullglob + ng=$? + # Turn it on so we can look for caches safely. + shopt -s nullglob + + for cache in $default*; do + if klist -s -c "$cache"; then + if [ ! "$cache" = "$ccname" ]; then + # It may not be safe to simply point the environment to this + # cache as it may belong to a session which is about to end. + # Therefore we copy it. + cp -p "$cache" "$ccname" || continue + fi + kinit -R &>/dev/null + break + fi + done + + # Maybe turn nocaseglob back off. + [ $ng = 0 ] || shopt -u nullglob + fi fi + + # By now we should have found a cache if there's one to find. + klist -s 2>/dev/null || kinit fi fi + +unset cache ccname default ng -- 2.7.4