[Casper] Kerberos destory script?

Mon Apr 13 09:10:56 PDT 2009

Have you tried setting this script as a login or logout hook? So rather than having Casper execute a policy it is just something that OS X will do every time someone logs into or out of the machine. 

Here is an Apple KB article on how to do this... http://support.apple.com/kb/HT2420. This particular article is about making a Login Hook, but you should be able to change the command text 'LoginHook' to 'LogoutHook' if it is something that you want to happen on logout instead. 

Andy Hakala
Technology Support
Hopkins High School
Hopkins, MN

-----Original Message-----
From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of casper-request at list.jamfsoftware.com
Sent: Saturday, April 11, 2009 2:01 PM
To: casper at list.jamfsoftware.com
Subject: Casper Digest, Vol 28, Issue 11

Send Casper mailing list submissions to
	casper at list.jamfsoftware.com

To subscribe or unsubscribe via the World Wide Web, visit
	http://list.jamfsoftware.com/mailman/listinfo/casper
or, via email, send a message with subject or body 'help' to
	casper-request at list.jamfsoftware.com

You can reach the person managing the list at
	casper-owner at list.jamfsoftware.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Casper digest..."

Today's Topics:

   1. Kerberos destory script? (NATHANIEL.LINDLEY at spps.org)

----------------------------------------------------------------------

Message: 1
Date: Fri, 10 Apr 2009 15:56:21 -0500
From: NATHANIEL.LINDLEY at spps.org
Subject: [Casper] Kerberos destory script?
To: "Casper Listserv" <CASPER at LIST.JAMFSOFTWARE.COM>
Message-ID:
	<OFA45E2E0A.011F6D0B-ON86257594.00722BBD-86257594.0073D219 at spps.org>
Content-Type: text/plain; charset="us-ascii"

Little help on scripting please. 

I'm trying to get a logout script that will destroy the Kerberos ticket 
cache at logout.  I can make it work in Terminal but when pushed with 
Casper Remote or a policy it does nothing. 

This is all I have:

#!/bin/sh
##################################
# Destroy the Kerberos ticket of current user.
# Nathaniel Lindley for SPPS, April 10, 2009
##################################

kdestroy -a

What else do I need?   Strange thing is that this is the default behavior 
in 10.4 (to destroy kerberos ticket at logout) but not in 10.5, by design 
according to Apple.  The problem is that at one school, students login 
with a "student" generic local account and then connect to a server using 
their AD credentials from 10.5 client.  Then student logs out, and another 
student logs in, trys to Connect to Server and is already logged in as the 
previous student whose ticket is retained for 10 hours. 

Thanks for the help,
-Nathaniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090410/85ae39d9/attachment.htm 

------------------------------

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

End of Casper Digest, Vol 28, Issue 11
**************************************