ceiling cat
Reputation: 5701
How do I check (in shell) whether I have a valid Kerberos ticket for a specific service?
I would like to be able to check (in my bash script) whether I have a valid unexpired ticket for a specific service. I can get this information by hand if I do klist, but it would be a bit of work to programmatically parse the expiration time, service principals, etc. Is there an easier way to do this? Thanks.
Upvotes: 10
Views: 19311
Answers (2)
Arthur
Reputation: 583
klist1 does not support the requested functionality. But it's not hard to write in bash, as @CharlesDuffy suggested:
if ! klist 2> /dev/null | grep -q 'Principal: <your account>@<your domain>'
then
echo "Error: a Kerberos ticket for <your account>@<your domain> is needed."
exit 1
fi
The 2> /dev/null discards klist's error output when no tickets are cached.
Upvotes: 1
robbie.huffman
Reputation: 485
Try klist -s, which should return a status code of 0 if you have a valid ticker, or 1 if not. You can then test that by looking at $?. For example:
if ! klist -s
then
echo "kerberos ticket not valid; please run kinit"
exit 1
fi
Upvotes: 18
Related Questions
- Kerberos klist is displaying no ticket
- Verify credentials with kerberos python
- How to obtain a kerberos service ticket via GSS-API?
- python: validate kerberos ticket
- How can I get a Kerberos ticket in Python
- Checking if Kerberos tickets exist in cache
- Verifying if the delegated kerberos credential is proper
- How to validate a Kerberos ticket against a server in Java?
- How can you programmatically tell when a Kerberos credential will expire?
- Is there a way to verify that Kerberos is used?