2 # Get an AFS token for the given user.
4 # This is used to deliver mail with the appropriate credentials.
9 # - If user is root, call this script as $USER
11 # get-token $USER norecurse
12 # - Don't recursively call this script, even if user is root
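# Catch-all log: used for the per-invocation audit line below and for errors
# that occur before a per-user log has been selected.
LOGFILE=/var/local/mail-tokens/weird-error.log

# Record one line per invocation: timestamp, the values of REALUSER and USER
# (both set outside this view), the caller's groups, and the raw arguments.
# The arguments come from the caller and are written unescaped, so treat this
# file as untrusted text when reading or parsing it.
# "$*" joins the arguments into one word; "$@" embedded in a longer string
# expands to several words (ShellCheck SC2145). The logged text is the same.
echo "$(date) $REALUSER $USER ($(groups)): $*" >> "$LOGFILE"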
19 #ps -eo euser,ruser,suser,fuser,comm,pid --ppid=$PPID --pid=$PPID --forest >> $LOGFILE
21 if test "$REALUSER" = "root"; then
22 if test "$2" = "norecurse"; then
23 echo "Error: running as root even after trying to change to $USER" \
28 # Decide whether the user exists: getent returns 0 error code if so
29 getent passwd
"$USER" >/dev
/null
30 if test $?
-ne 0; then
31 echo "$USER is not a local user, so ignoring them" \
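# Resolve the requested account in $1 to the login name stored in the passwd
# database (first colon-separated field of the getent entry).
USER=$(getent passwd "$1" | cut -d':' -f 1)
# Re-run this script as that user. This appears to be the root-only branch,
# so every expansion is quoted: an empty or whitespace-containing value must
# reach sudo as exactly one argument instead of vanishing or splitting into
# extra words that would shift the positional parameters of the re-exec.
# The trailing "norecurse" marks the second pass so it cannot loop.
exec sudo -u "$USER" -- "$0" "$1" norecurse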
# Canonicalise USER through the passwd database: a numeric UID becomes the
# matching login name, and an account getent cannot find leaves USER empty
# (checked right after this).
USER="$(getent passwd "${USER}" | cut -d ':' -f 1)"
# Per-user log file, named after the resolved login.
LOGFILE="/var/local/mail-tokens/get-token-log.${USER}"
44 if test -z "$USER"; then
45 echo "$USER is not a local user, so ignoring them" \
46 >> /var
/local
/mail-tokens
/weird-error.log
50 # fuse stdin and stderr
53 # all future output goes to this file
57 echo "Running as user $REALUSER"
60 if test "$2" = "debug"; then
62 echo "Debugging output: $*"
# Select the Kerberos credential cache: a per-user file under the mail-tokens
# directory, exported so the Kerberos/AFS tools started below pick it up.
KRB5CCNAME="FILE:/var/local/mail-tokens/krb5cc_${USER}.email"
export KRB5CCNAME
71 # eliminate any previous tokens
# Keytab file for this user's daemon principal (passed to kinit -kt below).
KEYTAB="/etc/keytabs/user.daemon/${USER}"
76 # display command-to-be-invoked as a sanity check
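# Try to renew the existing ticket first; if krenew fails, obtain a fresh
# ticket for the user's daemon principal from the keytab and then run aklog
# to get the AFS token. KEYTAB and USER are quoted so each reaches kinit as a
# single argument even if the value is empty or contains whitespace.
krenew -vtH 30 || (kinit -V -kt "$KEYTAB" "$USER/daemon@HCOOP.NET" && aklog)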
83 # list tokens, for the sake of debugging
86 ) 666>/var
/local
/mail-tokens
/lock.
$USER