[Casper] Kerberos destory script?
Ryan Harter
rharter at uwsp.edu
Sun Apr 12 11:03:02 PDT 2009
Looks like the problem is that this script is run as root, who doesn't
have a kerberos ticket to destroy. To run it as the logging out user
use 'su' and $3 for the username:
su $3 -c "kdestroy -a"
That should do it.
Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu
On Apr 10, 2009, at 3:56 PM, NATHANIEL.LINDLEY at spps.org wrote:
> Little help on scripting please.
>
> I'm trying to get a logout script that will destroy the Kerberos
> ticket cache at logout. I can make it work in Terminal but when
> pushed with Casper Remote or a policy it does nothing.
>
> This is all I have:
>
> #!/bin/sh
> ##################################
> # Destroy the Kerberos ticket of current user.
> # Nathaniel Lindley for SPPS, April 10, 2009
> ##################################
>
> kdestroy -a
>
>
> What else do I need? Strange thing is that this is the default
> behavior in 10.4 (to destroy kerberos ticket at logout) but not in
> 10.5, by design according to Apple. The problem is that at one
> school, students login with a "student" generic local account and
> then connect to a server using their AD credentials from 10.5
> client. Then student logs out, and another student logs in, trys to
> Connect to Server and is already logged in as the previous student
> whose ticket is retained for 10 hours.
>
> Thanks for the help,
> -Nathaniel
> <ATT00001.txt>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090412/f2e0023d/attachment.html
More information about the Casper
mailing list