Bobbis.net

The following is a quick and dirty AppleScript I created to deal with activating a different Kerberos realm after login using a different or multiple kerberos realms. For example, you authenticate your users on an AD that is not connected with a realm the user uses for email (Eudora). Set this script to run at login, and it will mount a file server using the computer login ticket, prompt the user for the second realm username and password then change the active user to the other realm so they can check their email. With this script that I made, I now feel confident that I can move our Mac users onto the domain. Hopefully this will be helpful for others who are trying to do the same thing.

set serverString to "smb://your.server.tld/"
set shareString to "sharename"
set userString to "$USER"
set realmString to "REALM.TLD"

tell application "Finder"
	open location serverString & shareString
	set founded to false
	repeat while founded is false
		set thename to the name of every Finder window
		if thename contains shareString then
			set founded to true
			close window shareString
		end if
		delay 1
	end repeat
end tell
tell application "Kerberos"
	launch
	set w to first window
	set visible of w to 0
	get tickets
	quit
end tell
do shell script "kswitch -p " & userString & "@" & realmString