From: Evan Broder
Date: Tue, 3 Feb 2009 02:50:20 +0000 (-0500)
Subject: Add kdo.
X-Git-Url: https://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/commitdiff_plain/416df4e89fa2c64675db803e878b8ed444d2c3e9

Add kdo.
---
diff --git a/kdo/README b/kdo/README
new file mode 100644
index 0000000..9013cda
--- /dev/null
+++ b/kdo/README
@@ -0,0 +1,20 @@
+kdo is a series of shell functions for dealing with multiple Kerberos
+on Mac OS X.
+
+Add the contents of bashrc to your .bashrc file. To run a command with
+a different set of credentials from your default, run (e.g.)
+
+ kdo broder/root aklog
+
+If you don't currently have credentials for the principal you specify,
+you'll be prompted for the password.
+
+kdo by default gets nonforwardable tickets with a 15 minute lifetime,
+renewable for 60 minutes; you can change the kinit_args variable in
+kdo if you want to change these defaults.
+
+kdo doesn't behave well if you don't already have tickets of some
+form.
+
+This snippet also provides krootssh, which is a convenience function
+for using your root instance tickets to ssh into another machine.
diff --git a/kdo/bashrc b/kdo/bashrc
new file mode 100644
index 0000000..f6b5216
--- /dev/null
+++ b/kdo/bashrc
@@ -0,0 +1,26 @@
+function kfindcache {
+ klist -A | grep -A1 'Kerberos 5 ticket cache' | grep -iB1 "principal: .*$1" | head -n 1 | cut -f 2 -d "'"
+}
+
+function kdo {
+ local princ="$1"
+ shift;
+ local kinit_args="-l15m -r60m -F"
+ local cache=`kfindcache "$princ"`
+ if [ -n "$cache" ] && ! (KRB5CCNAME="$cache" klist -s "$cache"); then
+ KRB5CCNAME="$cache" kdestroy
+ cache=""
+ fi
+ if [ -z "$cache" ]; then
+ local oldcache=`klist | grep 'Kerberos 5 ticket cache' | cut -f 2 -d "'"`
+ kinit $kinit_args "$princ" || return 1
+ cache=`kfindcache "$princ"`
+ kswitch -c "$oldcache"
+ fi
+ echo "Running $1 with cache $cache (for principal $princ)" >&2
+ KRB5CCNAME="$cache" "$@"
+}
+
+function krootssh {
+ kdo ${ATHENA_USER:-$USER}}/root@ATHENA.MIT.EDU ssh -o "GSSAPIDelegateCredentials no" "$@"
+}
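Review bot: `kfindcache` looks up the requested principal with `grep -iB1 "principal: .*$1"`, an unanchored, case-insensitive regex, so `kdo broder …` can select the cache of `broder/root@…` (or of any principal that merely contains the string), and `kdo` then runs the command under those credentials. Kerberos principal names are case-sensitive, so the lookup should drop `-i` and bound the name on both sides, for example `grep -B1 -E "principal: $1(@|\$)"`, ideally with regex metacharacters in `$1` escaped first. Separately, `krootssh` has a stray brace in `${ATHENA_USER:-$USER}}/root@ATHENA.MIT.EDU`, so the principal it passes contains a literal `}`; it should read `"${ATHENA_USER:-$USER}/root@ATHENA.MIT.EDU"`, quoted.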