Add kinit-mpd.sh script, and mention it in the Kerberos post.
author W. Trevor King <wking@drexel.edu>
Sun, 27 Nov 2011 18:54:48 +0000 (13:54 -0500)
committer W. Trevor King <wking@drexel.edu>
Sun, 27 Nov 2011 18:54:48 +0000 (13:54 -0500)
posts/Kerberos.mdwn
posts/Kerberos/kinit-mpd.sh [new file with mode: 0755]

index 9cac9a393c9db72e19caeb16a66dbd474fe3bf04..a06f294b555ab35efa640fa437cc293bc2530769 100644 (file)
@@ -311,6 +311,10 @@ There's also [suite of Kerberos-aware utilities][apps] in
 `kftp`).  I don't use the non-Kerberized versions, so I haven't tried
 any of these.
 
+If you're using [[MPD]] on an NFS-mounted music repository, you might
+be interested in my [[kinit-mpd.sh]] script for granting the `mpd`
+user access to the NFS-mounted music as the `nobody` principal.
+
 [Kerberos]: http://web.mit.edu/kerberos/
 [install]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-install.html
 [DNS]: http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-admin.html#Using%20DNS
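Review bot: the added paragraph about [[kinit-mpd.sh]] does not say what the script needs in order to run. Per the script in this same commit, it calls `sudo` three times and reads a keytab from `/etc/krb5.nobody.keytab`. Suggest one more sentence naming both prerequisites, and noting that the keytab only needs to be readable by root, since the script runs `kinit` under `sudo` and hands just the resulting `nobody` ticket cache to `mpd`.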
diff --git a/posts/Kerberos/kinit-mpd.sh b/posts/Kerberos/kinit-mpd.sh
new file mode 100755 (executable)
index 0000000..1acd2d0
--- /dev/null
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# Copyright (C) 2011 W. Trevor King <wking@drexel.edu>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program.  If not, see
+# <http://www.gnu.org/licenses/>.
+
+# usage: kinit-mpd.sh
+#
+# Uses root permissions to assume `nobody` credentials from a central
+# keytab, and then transfers ownership of the resulting ticket to the
+# `mpd` user.
+
+ROOT_UID=$(id --user root)
+MPD_UID=$(id --user mpd)
+NOBODY_KEYTAB=/etc/krb5.nobody.keytab
+NOBODY_USER=nobody
+
+sudo kinit -k -t "${NOBODY_KEYTAB}" "${NOBODY_USER}"
+sudo mv "/tmp/krb5cc_${ROOT_UID}" "/tmp/krb5cc_${MPD_UID}"
+sudo chown mpd.audio "/tmp/krb5cc_${MPD_UID}"
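Review bot: the three `sudo` commands at the end of the script run unconditionally, so when `kinit` fails (keytab missing, KDC unreachable) the `mv` still runs and either errors out or hands `mpd` whatever ticket cache root already had at `/tmp/krb5cc_${ROOT_UID}`. Add `set -e` near the top or chain the commands with `&&`. Writing into root's default cache also overwrites any tickets root currently holds and assumes the default cache lives at `/tmp/krb5cc_<uid>`; passing the destination explicitly, for example `sudo kinit -c "/tmp/krb5cc_${MPD_UID}" -k -t "${NOBODY_KEYTAB}" "${NOBODY_USER}"`, removes both the `mv` and that assumption. Minor: `chown mpd.audio` uses the old dot separator; `mpd:audio` is the current form.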