Go back to exim.dat for Exim, get virtual delivery almost working
[hcoop/zz_old/config/exim4-hopper.git] / get-token
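#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
#   get-token $USER
#     - If the caller is root, re-run this script as $USER
#
#   get-token $USER norecurse
#     - Don't recursively call this script, even if the caller is root
#
# Exit status: 1 on a missing/unsafe/unknown user or a failed kinit,
# otherwise the status of aklog.
#
# Security notes:
#   - $1 ends up in file names under /tmp/exim4 and /etc/keytabs and in the
#     command string handed to su, so it is checked against a conservative
#     character set before any of that happens.
#   - NOTE(review): the log file and the credentials cache use predictable
#     names under /tmp/exim4. This script neither creates nor checks that
#     directory; confirm it is not writable by untrusted local users, since
#     a pre-planted symlink there could redirect these writes (one of which
#     happens as root in the error path below).

REALUSER=$(whoami)
REQUESTED=${1:-}

# Accept only a login name or numeric UID made of safe characters: no '/',
# no leading '-' or '.', no whitespace or shell metacharacters. This keeps
# the value from escaping /tmp/exim4 or being read as an option by su.
SAFE_NAME_RE='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if [[ ! "$REQUESTED" =~ $SAFE_NAME_RE ]]; then
  printf 'Error: missing or unsafe user name argument\n' >&2
  exit 1
fi

USER=$REQUESTED
LOGFILE="/tmp/exim4/get-token-log.${USER}"

if [[ "$REALUSER" == "root" ]]; then
  # A second argument means we already tried to drop privileges once.
  if [[ -n "${2:-}" ]]; then
    echo "Error: running as root even after trying to change to $USER" \
      > "$LOGFILE"
    exit 1
  fi

  # Decide whether the user exists: getent exits 0 if so.
  if ! getent passwd "$USER" >/dev/null; then
    echo "$USER is not a local user, so ignoring them"
    exit 1
  fi

  # Re-run as the target user. The command string is built with %q so that
  # the script path and the user name reach the user's shell as single
  # words instead of being re-parsed.
  exec su "$USER" -c "$(printf '%q %q norecurse' "$0" "$USER")"
fi

# Make sure USER exists, and resolve UIDs to a login name
USER=$(getent passwd "$USER" | cut -d: -f1)

if [[ -z "$USER" ]]; then
  # USER is empty at this point, so report the name that was asked for.
  echo "$REQUESTED is not a local user, so ignoring them"
  exit 1
fi

# all future output (stdout and stderr) goes to the log file
exec >"$LOGFILE" 2>&1

# print name of user
echo "Running as user $REALUSER"

# set the credentials cache
export KRB5CCNAME="FILE:/tmp/exim4/krb5cc_${USER}.email"

# eliminate any previous tokens
kdestroy
unlog

KEYTAB="/etc/keytabs/user.daemon/${USER}"
PRINCIPAL="${USER}/daemon@HCOOP.NET"

# display command-to-be-invoked as a sanity check
echo kinit -kt "$KEYTAB" "$PRINCIPAL"

# Stop here if no ticket was obtained, so the log shows the real cause
# rather than a follow-on aklog error.
if ! kinit -kt "$KEYTAB" "$PRINCIPAL"; then
  echo "Error: kinit failed for $PRINCIPAL; not running aklog"
  exit 1
fi
aklog

# list tokens, for the sake of debugging
#tokens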