An AppleScript to interactively obtain/renew a kerberos ticket in Lion.

renewLionKerb.scpt

try
	-- test for Kerberos ticket presence and attempt to renew
	do shell script "/usr/bin/klist | /usr/bin/grep krbtgt"
	do shell script "/usr/bin/kinit -R"
on error
	-- offer to renew Kerberos ticket
	set response to (display dialog "No Kerberos ticket was found. Do you want to renew it?" with icon 2 buttons {"No", "Yes"} default button "Yes")
	if button returned of response is "Yes" then
		try
			set thePassword to text returned of (display dialog "Enter your password:" default answer "" with hidden answer)
			do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN"
			display dialog "Kerberos ticket acquired." with icon 1 buttons {"OK"} default button 1
		on error
			try
				set thePassword to text returned of (display dialog "Password incorrect. Please try again:" default answer "" with icon 2 with hidden answer)
				do shell script "/bin/echo '" & thePassword & "' | /usr/bin/kinit -l 10h -r 10h --password-file=STDIN"
				display dialog "Kerberos ticket acquired." with icon 1 buttons {"OK"} default button 1
			on error
				display dialog "Too many incorrect attempts. Stopping to avoid account lockout." with icon 2 buttons {"OK"} default button 1
			end try
		end try
	else -- if No is clicked
		quit
	end if
end try

line 4: Doesn't look like renewKerb ever gets used.

Line 7: why not just try to renew out of the gate, without asking? If it succeeds, great. If not, then prompt, etc.

Actually, both lines 3 and 4 don't need variable assignment. The code comes from my ADPassMon app and I neglected to clean that part out. Now remedied.

Regarding line 7, this point is only reached if line 3 or 4 fails. Both these lines require no interaction. I figure a dialog box is nice before directly prompting the user for their password. It provides context.

Nice - makes sense.

Line 17 has a typo s/Kerboros/Kerberos

Thanks, Zack. Fixed typo.