+# -*- mode: sh -*-
# kdo is a shell function for interacting with multiple Kerberos
# credential caches.
#
+# To use kdo, add this snippet to your .bashrc or .bashrc.mine file.
+#
# To run a command with a different set of credentials from your
# default, run
#
# interface to multiple credential caches by defining two functions:
#
# - kcaches::
-# Print one line per current credential cache of the form "<KRB5CCNAME> <PRINCIPAL>"
+# Print one line per current credential cache of the form "<PRINCIPAL> <KRB5CCNAME>"
# - knewcache::
# Without changing the current credentials cache, get credentials
# for the principal in $1, passing the remaining arguments to
# CONFIGURATION
kdo_args=(-l15m -r60m -F)
-# CC interface for OS X
-if [ "Darwin" = "$(uname)" ]; then
+# CC interface for OS X or modern MIT krb5
+if type kswitch &>/dev/null; then
kcaches () {
- klist -A | awk '/^Kerberos 5 ticket cache:/ {cache = $5; princline=NR+1} NR==princline {print substr(cache, 2, length(cache)-2), $3}'
+ klist -A | perl -ne '$cache = $1 if /^(?:Kerberos 5 ticket|Ticket|Credentials) cache: '\''?(.*)'\''?/; print "$1 $cache\n" if /^(?:Default p|P)rincipal: (.*)$/'
}
knewcache () {
princ="$1"; shift
- local oldcache="$(klist | grep 'Kerberos 5 ticket cache' | cut -f 2 -d "'")"
+ local oldcache="$(klist | perl -ne 'print $1 if /^(?:Kerberos 5 ticket|Ticket|Credentials) cache: '\''?(.*)'\''?/')"
+ # " # <-- emacs thinks there's an unbalanced " on the previous line.
kinit "$@" "$princ" || return 1
cache="$(kfindcache "$princ")"
# On OS X, kinit will switch your default credential cache to
# If kcaches and knewcache have been defined for this platform, then
# setup kdo. Otherwise, add a helpful error.
-if hash kcaches &>/dev/null && hash knewcache &>/dev/null; then
+if type kcaches &>/dev/null && type knewcache &>/dev/null; then
kfindcache () {
- kcaches | fgrep "$1" | awk '{print $1}'
+ kcaches | fgrep "$1" | cut -d' ' -f2-
}
kdo () {
# destroy that cache so we don't try to use it again and clear
# $cache so that we'll revert to acquiring a new set of
# tickets
- if [ -n "$cache" ] && ! klist -s "$cache"; then
+ if [ -n "$cache" ] && ! (KRB5CCNAME="$cache" klist -s); then
KRB5CCNAME="$cache" kdestroy
cache=""
fi
local cur
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
- opts="$(kcaches | awk '{ print $2 }')"
+ opts="$(kcaches | awk '{ print $1 }')"
case $COMP_CWORD in
1)
COMPREPLY=($(compgen -W "${opts}" -- "${cur}"))
COMPREPLY=($(compgen -c -- "${cur}"))
esac
}
- complete -o bashdefault -F _kdo kdo
+ if type complete &>/dev/null; then
+ complete -o bashdefault -F _kdo kdo
+ fi
- krootssh () {
- kdo ${ATHENA_USER:-$USER}/root@ATHENA.MIT.EDU ssh -o GSSAPIDelegateCredentials=no "$@"
- }
else
kdo () {
echo "kdo has not been ported to this platform yet." >&2
return 1
}
-
- krootssh () {
- echo "kdo has not been ported to this plastform yet." >&2
- return 1
- }
fi
+krootssh () {
+ kdo ${ATHENA_USER:-$USER}/root@ATHENA.MIT.EDU ssh -o GSSAPIDelegateCredentials=no "$@"
+}
+
+krootscp () {
+ kdo ${ATHENA_USER:-$USER}/root@ATHENA.MIT.EDU scp -o GSSAPIDelegateCredentials=no "$@"
+}