#!/bin/sh

#     DESCRIPTION
#
# set up krb5 ticket file name to a stable value 


#     REQUIRES
#


#     INFO
#

NAME="init3-krb5"

verbose()
{
    if [ -n "$GLOBAL_VERBOSE" ]; then
        echo "HOOK: $NAME: $@"
    fi
}

verbose "has started"

pmconf="/etc/security/pam_mount.conf.xml"

cifsmount='<cifsmount>/sbin/mount.cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o %(OPTIONS)</cifsmount>\n<cifsumount>/sbin/umount.cifs %(MNTPT)</cifsumount>\n'

subst "s|<debug|$cifsmount<debug|" $pmconf


pamconf="/etc/pam.d/system-auth-krb5"

append_after="$(sed -n '/^auth[[:space:]]\+required/=' "$pamconf" | tail -n 1)"
test -n "$append_after" && sed -i -e "$append_after a auth     optional       pam_mount.so"  "$pamconf"
append_after="$(sed -n '/^session[[:space:]]\+required/=' "$pamconf" | tail -n 1)"
test -n "$append_after" && sed -i -e "$append_after a session  optional       pam_mount.so"  "$pamconf"
 
subst 's|pam_krb5.so use_first_pass$|pam_krb5.so use_first_pass ccache=/tmp/krb5cc_%u|' "$pamconf"
verbose "finished"
