4 # KDC could be on remote hosts, but we suppose lgssd/lsvcgssd only
8 export KDCHOST=${KDCHOST:-"localhost"}
9 export KDCDIR=${KDCDIR:-"/usr/kerberos/sbin"}
10 export KRB5DIR=${KRB5DIR:-"/usr/kerberos"}
11 export LGSSD=${LGSSD:-"/usr/sbin/lgssd"}
12 export SVCGSSD=${SVCGSSD:-"/usr/sbin/lsvcgssd"}
13 export PDSH=${PDSH:-"ssh"}
15 export CHECK_KDC=${CHECKKDC:-"no"}
18 if [ "x$1" != "xkrb5i" -a "x$1" != "xkrb5p" ]; then
26 if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
30 if [ "x$CHECK_KDC" == "xno" ]; then
34 num=`$PDSH $KDCHOST "PATH=\$PATH:$KDCDIR; ps ax | grep krb5kdc | grep -v "grep" | wc -l"`
35 if [ $num -eq 1 ]; then
39 $PDSH $KDCHOST "PATH=\$PATH:$KDCDIR; krb5kdc"
40 num=`$PDSH $KDCHOST "PATH=\$PATH:$KDCDIR; ps ax | grep krb5kdc | grep -v "grep" | wc -l"`
41 if [ $num -ne 1 ]; then
42 echo "fail to start krb5 KDC, check env KDCHOST and KDCDIR"
48 prepare_krb5_cache() {
49 if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
53 $KRB5DIR/bin/klist -5 -s
55 if [ $invalid -eq 0 ]; then
60 # check installed service keytab for root
62 if [ $UID -eq 0 ]; then
63 output=`$KRB5DIR/bin/klist -5 -k`
65 item=`echo $output | egrep "lustre_mds/.*@"`
66 if [ "x$item" != "x" ]; then
67 echo "Using service keytab"
73 echo "***** refresh Kerberos V5 TGT for uid $UID *****"
74 if [ -z "$GSS_PASS" ]; then
82 set spawnid [spawn /bin/bash]
83 send "export PS1=\"user@host $ \" \r"
85 timeout {puts "timeout" ;exit 1}
89 send "$KRB5DIR/bin/kinit\r"
91 timeout {puts "timeout" ;exit 1}
97 timeout {puts "timeout" ;exit 1}
109 if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
113 killall -q -9 lsvcgssd || true
116 num=`ps -o cmd -C "lsvcgssd" | grep lsvcgssd | wc -l`
117 if [ $num -ne 1 ]; then
118 echo "failed to start lsvcgssd"
125 killall -q -9 lsvcgssd || true
130 if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
134 prepare_krb5_cache || exit 1
136 killall -q -9 lgssd || true
139 num=`ps -o cmd -C "lgssd" | grep lgssd | wc -l`
140 if [ $num -ne 1 ]; then
141 echo "failed to start lgssd $num"
148 killall -q -9 lgssd || true