[OpenAFS-devel] Where is the right place for this question?

Derrick J Brashear shadow@dementia.org
Wed, 16 Jan 2002 14:00:54 -0500 (EST)


On Wed, 16 Jan 2002, Adam Thornton wrote:

> How do I provide for getting tickets [Dumb Question #1 Here] for users
> that cannot be prompted for passwords (for instance, mail delivery into
> AFS space)?  I don't especially want to have to patch all my services to
> be Kerberized-AFS aware.  As far as I can tell, pam_krb_5 is going to
> prompt me for a password.

with a keytab; you'll use ktutil to manipulate it and (presumably) kinit
with an option to read it to authenticate

> The obvious, but almost certainly wrong, answer I see that allows me to
> avoid having to modify the services themselves is to wrapper them in
> something that, say, runs an expect script that does a kinit as the
> appropriate principal, reads the password from an
> appropriately-protected local file, then does an aklog.  But, well, ugh.

a wrapper which does this reading from a keytab is the "right" answer