#!/bin/ksh
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# bos720 src/bos/usr/lib/nim/methods/config_rpcsec_client.sh 1.2 
#  
# Licensed Materials - Property of IBM 
#  
# Restricted Materials of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2007 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 

#   initialize script variables
USER="nim"
TARFILE="/tmp/SlimClientImage.tar"
TARSRC="/tftpboot/SlimClientImage.tar"


function create_user { #	creates a system user for KDC client entry
	#	if user isn't specified w/ -u, default to nim
	if ! `/usr/sbin/lsuser -c $USER >/dev/null 2>&1`
	then
		/usr/bin/mkuser -a $USER || exit 1
		/usr/bin/passwd $USER
	fi
	return 0
}


function get_SlimImage { #	tftp the slim image from the master
	#	obtain address of nim master
	. /etc/niminfo

	#	get the image from tftpboot dir, must exist
	/usr/bin/tftp -o $TARFILE $NIM_MASTER_HOSTNAME $TARSRC image
	if [[ $? -ne 0 ]]; then
		print "Unable to retrieve $TARSRC from $NIM_MASTER_HOSTNAME"
		exit 1
	fi

	#	untar image
	/usr/bin/tar -xvf $TARFILE || exit 1
	return 0
}
	

function init_principal { #	enable user principal
	#   verify logon principal
	#	NOTE:  Passwd for principal must be known
	#	       user must obtained from KDC admin
	/usr/krb5/bin/kinit ${USER} || exit 1
	/usr/krb5/bin/klist 
	return 0
}


# set parameters from command line
while getopts :u:v c
do
	case ${c} in

		u)		# define system user
				USER=${OPTARG}
				;;
		
		v)		# verbose mode (for debugging)
				set -x
				for i in $(typeset +f)
				do
					typeset -ft $i
				done
				;;

		\?)		# unknown option
				print "Usage config_rpcsec_client:  Creates a KDC Slim Client using NIM server files"
				print "      config_rpcsec_client [-u <user>] [-v]"
				print ""
				exit 1
				;;
	esac
done

#	NOTE:  This file is dependant on the values used when configuring KDC
#	       on the NIM master.  The config_rcpsec_server script is the best
#	       place to look if a user would like to create their own script.

#	check install of fileset dependency
/usr/bin/lslpp -l krb5.lic krb5.client.rte modcrypt.base.lib
[[ $? -ne 0 ]] && exit 1 || /usr/bin/sleep 2

#   obtain new krb5 ticket
unset KRB5CCNAME

#	define KDC / NFS client
create_user
get_SlimImage
init_principal

#	clean / recycle nfs services
/etc/nfs.clean
chnfs -S -B
/etc/rc.nfs

exit 0
#	done