scheme shell

Wrap Heimdal Kinit

Heimdal (see is a popular Kerberos V implementation. It provides a kinit program that allows a user to obtain a Kerberos V ticket. For some purposes, such as running a demon that needs access to a AFS directory, it is useful to have a script that runs kinit. However, kinit is designed for interactive use: it prompts for a password on a tty.

Here is a scsh script that uses scsh-expect (see to communicate with kinit. The function run-kinit takes a user and a password as arguments and returns whether obtaining the ticket succeeded by returning #t or #f if it fails (for example if the password is wrong).

  exec scsh -lel expect/load.scm -o threads -o expect -e main -s "$0" "$@"

(define (run-kinit user password) (call-with-current-continuation (lambda (return) (let ((task (spawn ("kinit" ,user) (= 2 1)))) (chat task (chat-abort (rx "Password incorrect")) (chat-monitor (lambda (event value) (case event ((eof) (return (zero? (wait (task:process task))))) ((timeout abort) (return #f))))) (look-for (rx (: ,user "@" (+ (- any #\')) "'s Password:"))) (send/cr password) (look-for (rx (: #\space ,(ascii->char 13) ,(ascii->char 10)))) (look-for (rx (- any any))))))))

(define (main args) (if (not (= 3 (length args))) (begin (display "Usage: kinit-wrapper.scm <user> <password>\n" (current-error-port)) (exit 2)) (if (run-kinit (cadr args) (caddr args)) (exit 0) (exit 1))))


WrapHeimdalKinit - raw wiki source | code snippets archive