Add kinit-mpd.sh script, and mention it in the Kerberos post.

[blog.git] / posts / Kerberos / kinit-mpd.sh

diff --git a/posts/Kerberos/kinit-mpd.sh b/posts/Kerberos/kinit-mpd.sh
new file mode 100755 (executable)
index 0000000..1acd2d0
--- /dev/null
+++ b/posts/Kerberos/kinit-mpd.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# Copyright (C) 2011 W. Trevor King <wking@drexel.edu>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program.  If not, see
+# <http://www.gnu.org/licenses/>.
+
+# usage: kinit-mpd.sh
+#
+# Uses root permissions to assume `nobody` credentials from a central
+# keytab, and then transfers ownership of the resulting ticket to the
+# `mpd` user.
+
+ROOT_UID=$(id --user root)
+MPD_UID=$(id --user mpd)
+NOBODY_KEYTAB=/etc/krb5.nobody.keytab
+NOBODY_USER=nobody
+
+sudo kinit -k -t "${NOBODY_KEYTAB}" "${NOBODY_USER}"
+sudo mv "/tmp/krb5cc_${ROOT_UID}" "/tmp/krb5cc_${MPD_UID}"
+sudo chown mpd.audio "/tmp/krb5cc_${MPD_UID}"