From 403e010c5203a9ae418f4ed9636e4e56c6fafc02 Mon Sep 17 00:00:00 2001
From: Lexi Winter <lexi@le-fay.org>
Date: Wed, 4 Jun 2025 21:26:10 +0100
Subject: make program paths configurable

---
 kerberos.sh.in | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'kerberos.sh.in')

diff --git a/kerberos.sh.in b/kerberos.sh.in
index 41d99c2..e29f9c3 100644
--- a/kerberos.sh.in
+++ b/kerberos.sh.in
@@ -15,6 +15,8 @@ TOKEN=$4
 # The token value we need to create.
 AUTH=$5
 
+_KINIT="$(_findbin kinit $ACME_KERBEROS_KINIT)"
+
 if [ "$#" -ne 5 ]; then
 	_fatal "missing arguments"
 fi
@@ -31,7 +33,12 @@ if [ -z "$ACME_KERBEROS_KEYTAB" ]; then
 	ACME_KERBEROS_KEYTAB="/etc/krb5.keytab"
 fi
 
-if ! kinit -k -t "$ACME_KERBEROS_KEYTAB" "$ACME_KERBEROS_PRINCIPAL"; then
+if ! [ -r "$ACME_KERBEROS_KEYTAB" ]; then
+	_fatal "keytab does not exist (or is not readable): %s" \
+		"$ACME_KERBEROS_KEYTAB"
+fi
+
+if ! $_KINIT -k -t "$ACME_KERBEROS_KEYTAB" "$ACME_KERBEROS_PRINCIPAL"; then
 	_fatal "failed to obtain a Kerberos ticket"
 fi
 
@@ -40,7 +47,7 @@ _add_record() {
 	local domain="$1"
 	local auth="$2"
 
-	nsupdate -g <<EOF
+	$_NSUPDATE -g <<EOF
 update add _acme-challenge.${DOMAIN}. 300 IN TXT "${AUTH}"
 send
 EOF
@@ -52,7 +59,7 @@ _remove_record() {
 	local domain="$1"
 	local auth="$2"
 
-	nsupdate -g <<EOF
+	$_NSUPDATE -g <<EOF
 update delete _acme-challenge.${DOMAIN}. 300 IN TXT "${AUTH}"
 send
 EOF
-- 
cgit v1.2.3