Generic handling of SSH_FORWARDED overrides.

[profile.git] / .profile.d / krb5.bashrc

alias kssh='ssh -o preferredauthentications=gssapi-with-mic'
alias pssh='ssh -o preferredauthentications=password,keyboard-interactive'

if [ $UID -gt 0 -a -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then
  if tty -s; then
    if klist -s 2>/dev/null; then
      # We already have a ticket cache.  Renew it.
      kinit -R &>/dev/null
    else
      # Try to find an existing cache but only if we are using FILE: caches.
      default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p')
      if [ ! -z "$default" ]; then
        # Check for bogus FILE: KRB5CCNAME.
        if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then 
          export KRB5CCNAME="FILE:$KRB5CCNAME"
        fi

        # Find the file.
        ccname="${KRB5CCNAME##FILE:}"
        if [ "$ccname" = "$KRB5CCNAME" ]; then
          # Our cache isn't a file cache.  Throw it away.
          ccname="$default"
          unset KRB5CCNAME
        fi

        # Remember if nullglob was on.
        shopt -q nullglob
        ng=$?
        # Turn it on so we can look for caches safely.
        shopt -s nullglob

        for cache in $default*; do
          if klist -s -c "$cache"; then
            if [ ! "$cache" = "$ccname" ]; then
              # It may not be safe to simply point the environment to this 
              # cache as it may belong to a session which is about to end.  
              # Therefore we copy it.
              cp -p "$cache" "$ccname" || continue
            fi
            kinit -R &>/dev/null
            break
          fi
        done

        # Maybe turn nocaseglob back off.
        [ $ng = 0 ] || shopt -u nullglob
      fi
    fi

    # By now we should have found a cache if there's one to find.
    klist -s 2>/dev/null || kinit
  fi
fi

unset cache ccname default ng