[OpenAFS-devel] aklog on MacOS X was Re: Service Ticket Questions

Harald Barth haba@pdc.kth.se
Tue, 28 Mar 2006 08:25:37 +0200 (MEST) 

> Except, as I mentioned in my previous message, that you screw people who 
> are trying to do things which depend on them being separate.  Like using 
> different identities for different cells at the same time.  Or running an 
> application which uses Kerberos in such a way that file accesses it does 
> don't automatically trigger using your credentials to access AFS.

*Waves hand*

Example (with the heimdal utils):

habarber:~$ kinit --no-afslog haba@NADA.KTH.SE
haba@NADA.KTH.SE's Password: 
habarber:~$ afslog -c pdc.kth.se 
habarber:~$ klist -T
Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: haba@NADA.KTH.SE

  Issued           Expires          Principal
Mar 28 08:19:07  Mar 28 18:19:08  krbtgt/NADA.KTH.SE@NADA.KTH.SE
Mar 28 08:19:33  Mar 28 18:19:08  afs/pdc.kth.se@NADA.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
habarber:~$ export KRB5CCNAME=/tmp/whatever
habarber:~$ kinit --no-afslog haba@STACKEN.KTH.SE
haba@STACKEN.KTH.SE's Password: 
habarber:~$ afslog -c stacken.kth.se
habarber:~$ klist -T
Credentials cache: FILE:/tmp/whatever
        Principal: haba@STACKEN.KTH.SE

  Issued           Expires          Principal
Mar 28 08:20:11  Mar 28 18:20:12  krbtgt/STACKEN.KTH.SE@STACKEN.KTH.SE
Mar 28 08:20:20  Mar 28 18:20:12  afs@STACKEN.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se
habarber:~$ kdestroy --no-unlog
habarber:~$ klist -T
klist: No ticket file: /tmp/whatever

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se
[Exit 1 ]
habarber:~$ unset KRB5CCNAME
habarber:~$ klist -T
Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: haba@NADA.KTH.SE

  Issued           Expires          Principal
Mar 28 08:19:07  Mar 28 18:19:08  krbtgt/NADA.KTH.SE@NADA.KTH.SE
Mar 28 08:19:33  Mar 28 18:19:08  afs/pdc.kth.se@NADA.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se

Harald.