[OpenAFS] running processes in afs space
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
Tue, 10 Jul 2001 19:12:59 -0400
On Tuesday, July 10, 2001 19:01:10 -0400, Nicholas Basila
<nbasila@bottlecapnotes.com> wrote:
+-----
| I'm going to be running a perforce server in afs space, and I was
+--->8
Since perforce is client-server anyway, I'd think that a stunningly bad
idea.
| Assuming that I have a unix uid called perforce, and created an
| equivalent afs uid and a write-able volume for it: Do I have to have a
| script that first gets a token as the perforce user (hard coded
| password) or is there a better way? I could, of course, become the
+--->8
You have an even bigger problem: the token will expire eventually (the
default is 25 hours).
We solve that problem, in the cases where it must be solved (i.e. not stuff
that's already client-server) in either of two ways:
- use "reauth" (source freely available from Transarc) for one-shots;
- since we have an actual Kerberos infrastructure instead of the kaserver,
we use a background process and ksrvtgt+aklog from a srvtab to get and
periodically refresh tokens. (This *can* be done with a kaserver, but it's
more painful because you have to create the srvtab manually --- kas doesn't
know how to create one.)
--
brandon s. allbery [os/2][linux][solaris][freebsd] allbery@kf8nh.apk.net
system administrator [JAPH][WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [linux: proof of the million monkeys theory]