Wrap Heimdal Kinit

Heimdal (see http://www.pdc.kth.se/heimdal/) is a popular Kerberos V implementation. It provides a kinit program that allows a user to obtain a Kerberos V ticket. For some purposes, such as running a demon that needs access to a AFS directory, it is useful to have a script that runs kinit. However, kinit is designed for interactive use: it prompts for a password on a tty.

Here is a scsh script that uses scsh-expect (see http://www.scsh.net/resources/varia.html) to communicate with kinit. The function run-kinit takes a user and a password as arguments and returns whether obtaining the ticket succeeded by returning #t or #f if it fails (for example if the password is wrong).

  #!/bin/sh
  exec scsh -lel expect/load.scm -o threads -o expect -e main -s "$0" "$@"
  !#

  (define (run-kinit user password)
    (call-with-current-continuation
     (lambda (return)
       (let ((task (spawn ("kinit" ,user) (= 2 1))))
         (chat task
  	       (chat-abort (rx "Password incorrect"))
 	       (chat-monitor 
	         (lambda (event value)
  		   (case event
		     ((eof) (return (zero? (wait (task:process task)))))
		     ((timeout abort) (return #f)))))
	     (look-for (rx (: ,user "@" (+ (- any #\')) "'s Password:")))
	     (send/cr password)
	     (look-for (rx (: #\space ,(ascii->char 13) ,(ascii->char 10))))
	     (look-for (rx (- any any))))))))

  (define (main args)
    (if (not (= 3 (length args)))
        (begin
	  (display "Usage: kinit-wrapper.scm <user> <password>\n" 
	  	   (current-error-port))
	  (exit 2))
         (if (run-kinit (cadr args) (caddr args))
 	    (exit 0)
 	    (exit 1))))

-Eric

WrapHeimdalKinit - raw wiki source | code snippets archive