[OpenAFS-devel] Re: setpag switch for afslog?

Andrei Maslennikov andrei@caspur.it
Tue, 24 Feb 2004 11:19:57 +0100 (MET)


On Mon, 23 Feb 2004, Russ Allbery wrote:
> 
> I was, amusingly, completely unaware of its existence until about a year
> ago and have never used it, despite having used and then maintained AFS
> for more than ten years now, so I can attest that it's definitely not
> necessary.
> 
 
  I cannot agree with this. We need "setpag" or "krb5_afs_pag_env" to be 
  able to obtain a pag-based token inside SSH in a cell that runs K5 KDC 
  in the place of kaserver. It might violate some principles, but it is 
  the only thing that works now. We have to be pragmatic and use what is 
  available today. I would happily jump to any other mechanism, provided 
  there is one. Since you say that this option is not necessary: could 
  you explain how you addressed this problem at your site?.

  BTW, I maintain AFS for more then ten years, and started to use
  ak(5)log and its components only after we have migrated to Heimdal, 
  and only because it helps me to solve the OpenSSH/AFSToken issue in 
  the K5 environment. There was no need to use it when we were running 
  kaserver.

  Andrei.