[OpenAFS] Re: OpenAFS and Samba
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
20 Jul 2003 20:05:09 +0000
On Sun, 2003-07-20 at 19:50, Leif Johansson wrote:
> Frank Cameron wrote:
> >I saw a posting to openafs-info in which you said:
> >
> > If you allow your samba server to have access to the AFS key (hey
> > it's a fileserver anyway and should be protected as such) you can
> > use a program (it's actually in the heimdal distro) which lets you
> > create the user's afs ticket in a root preexec statement.
> >
> >I was wondering, what is that utility.
> >
> It is called kimpersonate and (I believe) it is part of the heimdal distro.
If not, then given a keytab for the user you can always do
    kauth --cache=FILE:some_unique_file_name --afslog \
        --keytab=/path/to/keytab --lifetime=86400 user
or some such. (If all you want is the token then you can put this in a
script which does the kauth with a temporary ticket cache and
immediately unlinks the cache, leaving the token in the kernel.)
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university ["better check the oblivious first" -ke6sls]
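
Added example, not part of the original post: one way to write the script described above, which runs kauth against a temporary ticket cache and unlinks the cache immediately afterwards. The function name afs_token_for_user and the KAUTH override variable are hypothetical; the kauth flags are the ones quoted in the message.

```sh
#!/bin/sh
# Added example: obtain an AFS token for one user from a keytab, then
# discard the Kerberos ticket cache. Uses only the kauth flags quoted in
# the post. KAUTH is a hypothetical override so a stub can be substituted.

afs_token_for_user() (
    user=$1
    keytab=$2

    # When called from a Samba root preexec the user name originates with
    # the client, so treat it as untrusted: refuse empty names, a leading
    # "-" (would be parsed as an option) and unexpected characters.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "afs_token_for_user: refusing user name" >&2
            exit 2 ;;
    esac
    [ -r "$keytab" ] || { echo "afs_token_for_user: cannot read keytab" >&2; exit 2; }

    # A private 0700 directory gives the unique cache name the post asks
    # for without a predictable path another local user could pre-create.
    umask 077
    dir=$(mktemp -d "${TMPDIR:-/tmp}/afslog.XXXXXX") || exit 1
    cache=$dir/krb5cc

    status=0
    "${KAUTH:-kauth}" --cache="FILE:$cache" --afslog \
        --keytab="$keytab" --lifetime=86400 "$user" || status=$?

    # Unlink the ticket cache whether kauth succeeded or failed; a token
    # that was obtained stays in the kernel, as the post describes.
    rm -rf "$dir"
    exit "$status"
)

# Run as a script: afs-token.sh USER /path/to/keytab
if [ "$#" -eq 2 ]; then
    afs_token_for_user "$1" "$2"
fi
```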