#!/usr/bin/bash
#
# Try to renew credentials for any user with a client-keytab
#

CLIENT_KEYTAB_DIR=/var/kerberos/krb5/user

for account in $(find "$CLIENT_KEYTAB_DIR" -mindepth 1 -maxdepth 1 -type d -printf '%P\n'); do
        if [ -f "$CLIENT_KEYTAB_DIR/$account/client.keytab" ]; then
                sudo -n -u "$account" /bin/sh -c  'kinit -ki | logger -t kinit -p auth.notice'
        fi
done
