From b4caaf036df5eb9e23f6e7e2992d2f3e1a64f38f Mon Sep 17 00:00:00 2001
From: Raphael Dannecker
Date: Mon, 6 Oct 2025 13:11:04 +0200
Subject: [PATCH] Implement timeout for krb5 ticket retrieval during VPN connections
---
 roles/lmn_vpn/files/10-lmn-mount.sh | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/roles/lmn_vpn/files/10-lmn-mount.sh b/roles/lmn_vpn/files/10-lmn-mount.sh
index 6f42725..b19724c 100755
--- a/roles/lmn_vpn/files/10-lmn-mount.sh
+++ b/roles/lmn_vpn/files/10-lmn-mount.sh
@@ -13,19 +13,24 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
 # Exit if server is already mounted
 findmnt /srv/samba/schools/default-school > /dev/null && exit 0
- if ! klist -s -c "${KRB5CCNAME}"; then
- #echo "try to renew KRB5-Ticket" >&2
- #sudo -u "${USERNAME}" kinit -R -c "${KRB5CCNAME}"
- echo "KRB5-Ticket is expired. Sleep 3 seconds and hope it will be renewed after." >&2
- sleep 3
- fi
+ counter=1
+ while ! klist -s -c "${KRB5CCNAME}"; do
+ (( counter > 30 )) && exit 0
+ echo "KRB5-Ticket is expired. Sleep 1 seconds and hope it will be renewed after." >&2
+ # if (( counter == 10 )); then
+ # echo "try to renew KRB5-Ticket" >&2
+ # sudo -u "${USERNAME}" kinit -R -c "${KRB5CCNAME}"
+ # fi
+ sleep 1
+ ((counter++))
+ done
 echo "prepare mountpoints" >&2
 umask 0002
 mkdir -p /srv/samba/schools/default-school
 chmod 777 /srv/samba/schools/default-school
 mkdir -p "/lmn/media/${USERNAME}/share"
-
+
 mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
 -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 echo "after mount" >&2
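Review bot: The timeout branch `(( counter > 30 )) && exit 0` leaves the script silently with status 0, so a session that never obtained a ticket looks the same in the log as one where the share was already mounted. Log the reason before leaving, e.g. `if (( counter > 30 )); then echo "no valid KRB5 ticket after 30s, skipping mount" >&2; exit 0; fi`. The per-second message also says the ticket "is expired", but `klist -s` fails as well when the cache named by `KRB5CCNAME` is missing or unreadable, so wording such as "no valid KRB5 ticket yet" would be more accurate, and printing it once rather than up to 30 times keeps the journal readable. How `KRB5CCNAME` is set is outside the hunk; if it can be empty at this point, the loop will always run the full 30 seconds. The enclosing `if [[ "$CONNECTION_ID" = "VPN-Schule" ]]` block starts and ends outside this hunk.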