2 # Get an AFS token for the given user.
4 # This is used to deliver mail with the appropriate credentials.
9 # - If user is root, call this script as $USER
11 # get-token $USER norecurse
12 # - Don't recursively call this script, even if user if root
16 LOGFILE
=/tmp
/exim
4/weird-error.log
18 if test "$REALUSER" = "root"; then
19 if test "$2" = "norecurse"; then
20 echo "Error: running as root even after trying to change to $USER" \
25 # Decide whether the user exists: getent returns 0 error code if so
26 getent passwd
"$USER" >/dev
/null
27 if test $?
-ne 0; then
28 echo "$USER is not a local user, so ignoring them" \
32 USER
=$
(getent passwd
"$1" | cut
-d':' -f 1)
33 exec su
$USER -c "$0 $1 norecurse"
37 # Make sure USER exists, and resolve UIDs to a login name
38 USER
=$
(getent passwd
"$USER" | cut
-d':' -f 1)
39 LOGFILE
=/tmp
/exim
4/get-token-log.
$USER
41 if test -z "$USER"; then
42 echo "$USER is not a local user, so ignoring them" \
43 >> /tmp
/exim
4/weird-error.log
47 # fuse stdin and stderr
50 # all future output goes to this file
54 echo "Running as user $REALUSER"
57 if test "$2" = "debug"; then
59 echo "Debugging output: $*"
62 # set the credentials cache
63 export KRB5CCNAME
=FILE
:/tmp
/exim
4/krb5cc_
$USER.email
65 # eliminate any previous tokens
68 KEYTAB
=/etc
/keytabs
/user.daemon
/$USER
70 # display command-to-be-invoked as a sanity check
71 echo kinit
-kt $KEYTAB $USER/daemon@HCOOP.NET
73 kinit
-kt $KEYTAB $USER/daemon@HCOOP.NET
76 # list tokens, for the sake of debugging