Created
March 21, 2012 16:19
-
-
Save pmbuko/2149196 to your computer and use it in GitHub Desktop.
An AppleScript to interactively obtain/renew a kerberos ticket in Lion.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
try | |
-- test for Kerberos ticket presence and attempt to renew | |
do shell script "/usr/bin/klist | /usr/bin/grep krbtgt" | |
do shell script "/usr/bin/kinit -R" | |
on error | |
-- offer to renew Kerberos ticket | |
set response to (display dialog "No Kerberos ticket was found. Do you want to renew it?" with icon 2 buttons {"No", "Yes"} default button "Yes") | |
if button returned of response is "Yes" then | |
try | |
set thePassword to text returned of (display dialog "Enter your password:" default answer "" with hidden answer) | |
do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN" | |
display dialog "Kerberos ticket acquired." with icon 1 buttons {"OK"} default button 1 | |
on error | |
try | |
set thePassword to text returned of (display dialog "Password incorrect. Please try again:" default answer "" with icon 2 with hidden answer) | |
do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN" | |
display dialog "Kerberos ticket acquired." with icon 1 buttons {"OK"} default button 1 | |
on error | |
display dialog "Too many incorrect attempts. Stopping to avoid account lockout." with icon 2 buttons {"OK"} default button 1 | |
end try | |
end try | |
else -- if No is clicked | |
quit | |
end if | |
end try |
Actually, both lines 3 and 4 don't need variable assignment. The code comes from my ADPassMon app and I neglected to clean that part out. Now remedied.
Regarding line 7, this point is only reached if line 3 or 4 fails. Both these lines require no interaction. I figure a dialog box is nice before directly prompting the user for their password. It provides context.
Nice - makes sense.
Line 17 has a typo s/Kerboros/Kerberos
Thanks, Zack. Fixed typo.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
line 4: Doesn't look like renewKerb ever gets used.
Line 7: why not just try to renew out of the gate, without asking? If it succeeds, great. If not, then prompt, etc.