alias kssh='ssh -o preferredauthentications=gssapi-with-mic' alias pssh='ssh -o preferredauthentications=password,keyboard-interactive' if [ -z "$OLDSOLARIS" -a -z "$OLDREDHAT" ]; then if tty -s; then if [ $UID -gt 0 ]; then if klist -s 2>/dev/null; then # We already have a ticket cache. Renew it. kinit -R &>/dev/null else # Try to find an existing cache but only if we are using FILE: caches. default=$((unset KRB5CCNAME; klist 2>&1) | sed -n 's/.*FILE:\([^)]*\).*/\1/p') if [ ! -z "$default" ]; then # Check for Exceed onDemand stupidity. if [ "$KRB5CCNAME" = "FILE:" ]; then unset KRB5CCNAME fi # Check for bogus FILE: KRB5CCNAME. if [ ! -z "$KRB5CCNAME" -a "${KRB5CCNAME##*:}" = "$KRB5CCNAME" ]; then export KRB5CCNAME="FILE:$KRB5CCNAME" fi # Find the file. ccname="${KRB5CCNAME##FILE:}" if [ "$ccname" = "$KRB5CCNAME" ]; then # Our cache isn't a file cache. Throw it away. ccname="$default" unset KRB5CCNAME fi # Remember if nullglob was on. shopt -q nullglob ng=$? # Turn it on so we can look for caches safely. shopt -s nullglob for cache in $default*; do if klist -s -c "$cache"; then if [ ! "$cache" = "$ccname" ]; then # It may not be safe to simply point the environment to this # cache as it may belong to a session which is about to end. # Therefore we copy it. cp -p "$cache" "$ccname" || continue fi kinit -R &>/dev/null break fi done # Maybe turn nocaseglob back off. [ $ng = 0 ] || shopt -u nullglob fi # By now we should have found a cache if there's one to find. klist -s 2>/dev/null || kinit fi elif [ -n "$KRB5CCNAME" ]; then # Don't break permissions of inherited cache under sudo. cache="${KRB5CCNAME##FILE:}" if [ ! "$cache" = "$KRB5CCNAME" ]; then ccname="${cache/_$SUDO_UID/_sudo_$SUDO_UID}_$$" cat "$cache" > "$ccname" export KRB5CCNAME="FILE:$ccname" klist -s 2>/dev/null && kinit -R 2>/dev/null || kinit trap "kdestroy 2>/dev/null" EXIT fi fi fi fi unset cache ccname default ng