#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.

# fuse stdin and stderr
exec 2>&1
USER=$1

# all future output goes to this file
exec >&/tmp/get-token-log.$USER

# check that setuid happened
whoami

# set the credentials cache
export KRB5CCNAME=FILE:/tmp/krb5cc_$USER.email

# eliminate any previous tokens
kdestroy
unlog
KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt $KEYTAB $USER/daemon@HCOOP.NET

kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
aklog

# list tokens, for the sake of debugging
#tokens