[OpenAFS-devel] Where is the right place for this question?
Harald Barth
haba@pdc.kth.se
Wed, 16 Jan 2002 20:55:25 +0100 (CET)
In addition to Derrick's answer:
To write into AFS space you need a token. That is manufactured from a
ticket. Tickets can be found in a file and tokens in the kernel.
When I authenticated today I first got a ticket granting ticket which
identifies me:
    Credentials cache: FILE:/tmp/krb5cc_22421
            Principal: haba@NADA.KTH.SE
      Issued           Expires          Principal
    Jan 16 20:49:33  Jan 17 06:49:33  krbtgt/NADA.KTH.SE@NADA.KTH.SE
Then I got from that an AFS service ticket:
    Jan 16 20:49:34  Jan 17 06:49:33  afs@NADA.KTH.SE
This ticket was used to make a token:
    Jan 16 20:49:34  Jan 17 06:49:33  User's (AFS ID 22421) tokens for nada.kth.se
The output lines were taken from the output of /usr/heimdal/bin/klist -T
If I would like to deliver files into AFS I'd do the following.
* Make an AFS identity (say mailman)
* Give that AFS identity the rights to insert and/or append
  at the right places in the AFS tree, it won't need all
  rights
* Check out a keytab (srvtab in v4) for mailman and
  store in safe place
* Let the delivery agent use that srvtab when it needs tokens
Harald.
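
An added example, not part of the original message: a check that an unattended delivery agent could run before writing, confirming that all three stages described above (ticket granting ticket, AFS service ticket, token) are present and not about to expire. The sample listing is constructed from the lines quoted in the message; its column layout, the function names and the 30-minute margin are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the lines quoted in the post; the column layout is assumed.
SAMPLE = """\
Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: haba@NADA.KTH.SE
  Issued           Expires          Principal
Jan 16 20:49:33  Jan 17 06:49:33  krbtgt/NADA.KTH.SE@NADA.KTH.SE
Jan 16 20:49:34  Jan 17 06:49:33  afs@NADA.KTH.SE
Jan 16 20:49:34  Jan 17 06:49:33  User's (AFS ID 22421) tokens for nada.kth.se
"""

STAMP = r"([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
ROW = re.compile(rf"^{STAMP}\s+{STAMP}\s+(.+)$")

def parse_stamp(text, now):
    """The listing has no year: pick the year that puts the stamp nearest to now."""
    found = []
    for year in (now.year - 1, now.year, now.year + 1):
        try:
            found.append(datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S"))
        except ValueError:  # e.g. Feb 29 in a non-leap year
            pass
    return min(found, key=lambda d: abs(d - now))

def classify(principal):
    """Map the last column to a stage of the chain: TGT, AFS service ticket, token."""
    if principal.startswith("krbtgt/"):
        return "tgt"
    if principal.startswith(("afs@", "afs/")):
        return "afs_ticket"
    if "tokens for" in principal:
        return "token"
    return None

def check_chain(text, now, margin=timedelta(minutes=30)):
    """Return the state of each stage: missing, expired, expiring or ok."""
    status = {"tgt": "missing", "afs_ticket": "missing", "token": "missing"}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        stage = classify(m.group(3)) if m else None
        if stage is None:
            continue
        left = parse_stamp(m.group(2), now) - now
        if left <= timedelta(0):
            status[stage] = "expired"
        else:
            status[stage] = "expiring" if left < margin else "ok"
    return status

if __name__ == "__main__":
    print(check_chain(SAMPLE, datetime(2002, 1, 16, 21, 0, 0)))
```

A stage reported as missing, expired or expiring means the agent should fetch fresh credentials from its keytab before attempting the write.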