[OpenAFS-devel] Where is the right place for this question?
Derrick J Brashear
shadow@dementia.org
Wed, 16 Jan 2002 14:00:54 -0500 (EST)
On Wed, 16 Jan 2002, Adam Thornton wrote:
> How do I provide for getting tickets [Dumb Question #1 Here] for users
> that cannot be prompted for passwords (for instance, mail delivery into
> AFS space)? I don't especially want to have to patch all my services to
> be Kerberized-AFS aware. As far as I can tell, pam_krb_5 is going to
> prompt me for a password.
with a keytab; you'll use ktutil to manipulate it and (presumably) kinit
with an option to read it to authenticate
> The obvious, but almost certainly wrong, answer I see that allows me to
> avoid having to modify the services themselves is to wrapper them in
> something that, say, runs an expect script that does a kinit as the
> appropriate principal, reads the password from an
> appropriately-protected local file, then does an aklog. But, well, ugh.
a wrapper which does this reading from a keytab is the "right" answer