-#!/bin/sh
+#!/bin/bash
+# vim:expandtab:shiftwidth=4:softtabstop=4:tabstop=4:
+
+#
+# krb5_login.sh - obtain and cache Kerberos ticket-granting ticket
+#
+###############################################################################
#
# nothing need for root
#
-if [ $UID -eq 0 ]; then
- exit 0
-fi
+[ $UID -eq 0 ] && exit 0
-if [ -z "$KRB5DIR" ]; then
- KRB5DIR=/usr/kerberos
-fi
+#
+# list Kerberos 5 credentials silently
+# exit status:
+# 0 - klist finds a credentials cache
+# 1 - klist does not find a credentials cache or the tickets are expired
+#
+klist -5 -s && exit 0
-$KRB5DIR/bin/klist -5 -s
-invalid=$?
+# get the user name for uid $UID
+GSS_USER=$(getent passwd $UID | cut -d: -f1)
-if [ $invalid -eq 0 ]; then
- exit 0
-fi
+GSS_PASS=${GSS_PASS:-"$GSS_USER"}
echo "***** refresh Kerberos V5 TGT for uid $UID *****"
if [ -z "$GSS_PASS" ]; then
- $KRB5DIR/bin/kinit
+ kinit
else
expect <<EOF
set timeout 30
"user@host $ "
}
-send "$KRB5DIR/bin/kinit\r"
+send "kinit\r"
expect {
timeout {puts "timeout" ;exit 1}
"Password for "