2 # Get an AFS token for the given user.
4 # This is used to deliver mail with the appropriate credentials.
9 # - If user is root, call this script as $USER
11 # get-token $USER norecurse
12 # - Don't recursively call this script, even if user is root
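# Per-user log file for this run.
# NOTE(review): the path is predictable and sits under /tmp, so it is only
# safe if /tmp/exim4 is a directory that other local users cannot write to;
# otherwise a pre-created file or symlink could capture or redirect the log.
# Confirm its ownership and mode where the directory is created (not visible
# here).
LOGFILE="/tmp/exim4/get-token-log.${USER}"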
18 if test "$REALUSER" = "root"; then
20 echo "Error: running as root even after trying to change to $USER" \
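# Decide whether the user exists: getent exits with status 0 if so.
# The entry itself is discarded; only the exit status is used, so the status
# test must remain the very next command after this line.
getent passwd "$USER" >/dev/null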
27 if test $?
-ne 0; then
28 echo "$USER is not a local user, so ignoring them"
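# Replace this process with a copy of the script running as $USER, passing
# "norecurse" as the second argument (see the usage notes in the header).
# $USER is quoted so it always reaches su as exactly one argument.
# NOTE(review): "$0" and "$1" are expanded here and the resulting string is
# parsed a second time by the shell that su starts, so whitespace or shell
# metacharacters in either value would change the command that runs under
# the target account. Confirm that $1 has been restricted to a validated
# account name before this point.
exec su "$USER" -c "$0 $1 norecurse"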
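# Make sure USER exists, and resolve UIDs to a login name: keep only the
# first colon-separated field (the login name) of the passwd entry.
# NOTE(review): USER is overwritten here, so when the lookup returns nothing
# it becomes empty and any later message that prints "$USER" shows an empty
# name; keep the requested value in a separate variable if it should be
# reported.
USER=$(getent passwd "$USER" | cut -d':' -f 1)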
38 if test -z "$USER"; then
39 echo "$USER is not a local user, so ignoring them"
43 # fuse stdin and stderr
46 # all future output goes to this file
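echo "Running as user $REALUSER"

# set the credentials cache
# A per-user cache file keeps the tickets obtained for mail delivery apart
# from any other cache.
# NOTE(review): the cache path is predictable and under /tmp; it holds
# Kerberos credentials, so /tmp/exim4 must not be writable by other local
# users and the cache file must not be readable by them. Confirm the
# directory's ownership and mode where it is created (not visible here).
export KRB5CCNAME="FILE:/tmp/exim4/krb5cc_${USER}.email"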
55 # eliminate any previous tokens
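# Keytab holding the key for the $USER/daemon principal.
# $USER is used as a path component here, so it must already be a validated
# login name by this point.
KEYTAB="/etc/keytabs/user.daemon/${USER}"

# display command-to-be-invoked as a sanity check
echo kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"

# Obtain tickets for the per-user daemon principal from the keytab; the
# expansions are quoted so each reaches kinit as a single argument.
kinit -kt "$KEYTAB" "$USER/daemon@HCOOP.NET"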
66 # list tokens, for the sake of debugging