Add kdo.

diff --git a/kdo/README b/kdo/README
new file mode 100644 (file)
index 0000000..9013cda
--- /dev/null
+++ b/kdo/README
@@ -0,0 +1,20 @@
+kdo is a series of shell functions for dealing with multiple Kerberos
+on Mac OS X.
+
+Add the contents of bashrc to your .bashrc file. To run a command with
+a different set of credentials from your default, run (e.g.)
+
+  kdo broder/root aklog
+
+If you don't currently have credentials for the principal you specify,
+you'll be prompted for the password.
+
+kdo by default gets nonforwardable tickets with a 15 minute lifetime,
+renewable for 60 minutes; you can change the kinit_args variable in
+kdo if you want to change these defaults.
+
+kdo doesn't behave well if you don't already have tickets of some
+form.
+
+This snippet also provides krootssh, which is a convenience function
+for using your root instance tickets to ssh into another machine.

diff --git a/kdo/bashrc b/kdo/bashrc
new file mode 100644 (file)
index 0000000..f6b5216
--- /dev/null
+++ b/kdo/bashrc
@@ -0,0 +1,26 @@
+function kfindcache {
+       klist -A | grep -A1 'Kerberos 5 ticket cache' | grep -iB1 "principal: .*$1" | head -n 1 | cut -f 2 -d "'"
+}
+
+function kdo {
+       local princ="$1"
+       shift;
+       local kinit_args="-l15m -r60m -F"
+       local cache=`kfindcache "$princ"`
+       if [ -n "$cache" ] && ! (KRB5CCNAME="$cache" klist -s "$cache"); then
+               KRB5CCNAME="$cache" kdestroy
+               cache=""
+       fi
+       if [ -z "$cache" ]; then
+               local oldcache=`klist | grep 'Kerberos 5 ticket cache' | cut -f 2 -d "'"`
+               kinit $kinit_args "$princ" || return 1
+               cache=`kfindcache "$princ"`
+               kswitch -c "$oldcache"
+       fi
+       echo "Running $1 with cache $cache (for principal $princ)" >&2
+       KRB5CCNAME="$cache" "$@"
+}
+
+function krootssh {
+       kdo ${ATHENA_USER:-$USER}}/root@ATHENA.MIT.EDU ssh -o "GSSAPIDelegateCredentials no" "$@"
+}