• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Kerberos ticket renewal 10.7
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Kerberos ticket renewal 10.7

  • Subject: Kerberos ticket renewal 10.7
  • From: Raul Santos <email@hidden>
  • Date: Fri, 30 Mar 2012 11:15:24 -0400
Trying to use it with casper but as a policie it runs at root neet help using this script

Determine the current user as the policy runs as root and you need tickets for the logged in user not root:

user=`/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1`
echo "identified user is $user"

Determine when the users ticket is set to expire and later use this time to attempt to renew if within a threshold you determine. (ie. if ticket expires within x, then attempt to renew)

sudo -u lets you run as the user rather than for root.

kexpire=`sudo -u $user klist | grep krbtgt | awk '{print $3, $4}'`

use the -r option with kinit to attempt to renew.

or request a ticket if the ticket has expired.

echo '' | sudo -u $user kinit -l 10h

try
-- test for Kerberos ticket presence and attempt to renew
set kerb to do shell script "/usr/bin/klist | /usr/bin/grep krbtgt"
set renewKerb to do shell script "/usr/bin/kinit -R"
on error
-- offer to renew Kerberos ticket
set response to (display dialog "No Kerberos ticket was found. Do you want to renew it?" with icon 2 buttons {"No", "Yes"} default button "Yes")
if button returned of response is "Yes" then
try
set thePassword to text returned of (display dialog "Enter your password:" default answer "" with hidden answer)
do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN"
display dialog "Kerberos ticket acquired." with icon 1 buttons {"OK"} default button 1
on error
try
set thePassword to text returned of (display dialog "Password incorrect. Please try again:" default answer "" with icon 2 with hidden answer)
do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN"
display dialog "Kerboros ticket acquired." with icon 1 buttons {"OK"} default button 1
on error
display dialog "Too many incorrect attempts. Stopping to avoid account lockout." with icon 2 buttons {"OK"} default button 1
end try
end try
else -- if No is clicked
quit
end if
end try
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden
  • Prev by Date: Re: Mounting A Disk
  • Next by Date: Re: Mounting A Disk
  • Previous by thread: Re: Mounting A Disk
  • Index(es):
    • Date
    • Thread