[OpenAFS-devel] Re: setpag switch for afslog?
Andrei Maslennikov
andrei@caspur.it
Tue, 24 Feb 2004 11:19:57 +0100 (MET)
On Mon, 23 Feb 2004, Russ Allbery wrote:
>
> I was, amusingly, completely unaware of its existence until about a year
> ago and have never used it, despite having used and then maintained AFS
> for more than ten years now, so I can attest that it's definitely not
> necessary.
>
I cannot agree with this. We need "setpag" or "krb5_afs_pag_env" to be
able to obtain a pag-based token inside SSH in a cell that runs K5 KDC
in the place of kaserver. It might violate some principles, but it is
the only thing that works now. We have to be pragmatic and use what is
available today. I would happily jump to any other mechanism, provided
there is one. Since you say that this option is not necessary: could
you explain how you addressed this problem at your site?.
BTW, I maintain AFS for more then ten years, and started to use
ak(5)log and its components only after we have migrated to Heimdal,
and only because it helps me to solve the OpenSSH/AFSToken issue in
the K5 environment. There was no need to use it when we were running
kaserver.
Andrei.