@tspspi
Created March 8, 2019 10:41
Kerberos ticket renewal for all cache files on a machine
#!/bin/sh
# This script automatically renews renewable tickets
# of all users on a given machine (to prevent timeout
# for long running tasks of logged in users).
# It also removes expired tickets from cache files
# Tunables. Each one keeps a non-empty value inherited from the environment
# and otherwise falls back to the default shown here.
#   RENEWAL_THREASHOLD  remaining lifetime (seconds) at or below which a
#                       renewal is attempted
#   VERBOSE             values greater than 0 enable debug logging
#   LOGFILE             file that all log lines are appended to
#   NO                  values greater than 0 select dry-run mode (log only)
RENEWAL_THREASHOLD=${RENEWAL_THREASHOLD:-3600}
VERBOSE=${VERBOSE:-0}
LOGFILE=${LOGFILE:-/var/log/krb5renew.log}
NO=${NO:-0}
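#######################################
# Append one message line to the log file, regardless of VERBOSE.
# Globals:   LOGFILE (read) - path of the log file
# Arguments: $1 - message text
# Outputs:   appends "$1" plus a newline to LOGFILE
#######################################
logerror()
{
  # printf '%s\n' writes the message verbatim (echo may treat a leading
  # "-n" or backslashes specially); quoting LOGFILE keeps a path that
  # contains spaces or glob characters as a single redirect target.
  printf '%s\n' "${1}" >> "${LOGFILE}"
}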
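#######################################
# Append one message line to the log file, but only in verbose mode.
# Globals:   VERBOSE (read) - debug logging is on when greater than 0
#            LOGFILE (read) - path of the log file
# Arguments: $1 - message text
# Outputs:   appends "$1" plus a newline to LOGFILE when VERBOSE > 0
#######################################
logdebug()
{
  # An unset or empty VERBOSE is treated as 0 so the test cannot fail with
  # a syntax error; LOGFILE is quoted so the redirect target is one word.
  if [ "${VERBOSE:-0}" -gt 0 ]; then
    printf '%s\n' "${1}" >> "${LOGFILE}"
  fi
}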
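logdebug "Kerberos renewal run at $(date)"
if [ "${NO}" -gt 0 ]; then
  logdebug "Not doing anything"
fi

# Walk every credential cache directly under /tmp.
#
# /tmp is world-writable, so every file name seen here is chosen by a local
# user and has to be treated as untrusted input. The glob hands each path to
# the loop as exactly one word (no word splitting, no second round of
# globbing), and every later use of the path is quoted.
for CACHE_FILE in /tmp/krb5cc*; do
  # Regular files only. Symlinks are skipped so a link planted in /tmp is
  # never followed; an unmatched glob (literal pattern) is skipped here too.
  if [ ! -f "${CACHE_FILE}" ] || [ -L "${CACHE_FILE}" ]; then
    continue
  fi

  # Refuse names containing anything but letters, digits and "_ . / -".
  # Such names cannot carry whitespace or newlines into the log file or
  # into the command lines below. The name is deliberately not echoed.
  case "${CACHE_FILE}" in
    *[!A-Za-z0-9_./-]*)
      logerror " Skipping cache file with unexpected characters in its name"
      continue
      ;;
  esac

  # Owner and group name, taken from one ls call (fields 3 and 4).
  OWNER_GROUP=$(ls -ld "${CACHE_FILE}" | awk '{print $3 ":" $4}')
  OWNER=${OWNER_GROUP%%:*}
  GROUP=${OWNER_GROUP#*:}
  if [ -z "${OWNER}" ]; then
    # The file may have disappeared since the glob was expanded.
    logerror " Could not determine owner of ${CACHE_FILE}"
    continue
  fi

  # Determine the expiration timestamp of the ticket granting ticket.
  # klist runs as the file owner, so this script does not parse a
  # user-controlled file with its own (higher) privileges. Only the first
  # krbtgt line is used; more than one line would not parse as a date.
  # NOTE(review): the field positions depend on the local klist output
  # format - confirm that $1..$4 of the krbtgt line are the expiry column
  # and not the issue time.
  EXPIRE_TIME_STRING=$(sudo -u "${OWNER}" klist -c "${CACHE_FILE}" \
    | awk '/krbtgt/ {print $3, $1, $2, $4; exit}')
  if [ -z "${EXPIRE_TIME_STRING}" ]; then
    logerror " No ticket granting ticket found in ${CACHE_FILE} for ${OWNER}:${GROUP}"
    continue
  fi

  EXPIRE_TIMESTAMP=$(date -j -f "%H:%M:%S %b %e %Y" "${EXPIRE_TIME_STRING}" +%s)
  CURRENT_TIMESTAMP=$(date +%s)

  # Everything below compares numbers; skip the file when date could not
  # turn the klist output into an epoch value.
  case "${EXPIRE_TIMESTAMP}" in
    '' | *[!0-9]*)
      logerror " Could not parse ticket expiry in ${CACHE_FILE} for ${OWNER}:${GROUP}"
      continue
      ;;
  esac
  REMAINING=$((EXPIRE_TIMESTAMP - CURRENT_TIMESTAMP))

  # Show some debug information
  logdebug " Renewal for ${OWNER}:${GROUP} in ${CACHE_FILE}"
  logdebug " Ticket expiry: ${EXPIRE_TIME_STRING}"
  logdebug " Ticket expire time: ${EXPIRE_TIMESTAMP}"
  logdebug " Current timestamp: ${CURRENT_TIMESTAMP}"
  logdebug " Ticket is valid for the next ${REMAINING} seconds"

  if [ "${CURRENT_TIMESTAMP}" -ge "${EXPIRE_TIMESTAMP}" ]; then
    # Ticket has already expired. Destroy the ticket store.
    logdebug " Cleaning expired (at ${EXPIRE_TIME_STRING}) for ${OWNER}:${GROUP} in ${CACHE_FILE}"
    if [ "${NO}" -eq 0 ]; then
      if ! sudo -u "${OWNER}" kdestroy -c "${CACHE_FILE}" > /dev/null; then
        logerror " Failed to destroy ${CACHE_FILE} for ${OWNER}:${GROUP}"
      fi
    fi
  elif [ "${REMAINING}" -le "${RENEWAL_THREASHOLD}" ]; then
    # Ticket expires within the threshold. Try to renew it.
    logdebug " Ticket at ${CACHE_FILE} for ${OWNER}:${GROUP} will expire in ${REMAINING} seconds. Trying renew."
    # The result is only reported when kinit actually ran; in dry-run mode
    # nothing was renewed, so no "Renewed" line is written.
    if [ "${NO}" -eq 0 ]; then
      if sudo -u "${OWNER}" kinit -R -c "${CACHE_FILE}" > /dev/null; then
        logdebug " Renewed tickets for ${OWNER}:${GROUP} at ${CACHE_FILE}"
      else
        logerror " Failed to renew ${CACHE_FILE} for ${OWNER}:${GROUP}"
      fi
    fi
  else
    # In any other case we do not touch the cachefile
    logdebug " Not touching ticket. Valid for ${REMAINING} seconds"
  fi
done
logdebug ""
logdebug ""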