[OpenAFS] kerberos/afs tricks

Russ Allbery rra@stanford.edu
Thu, 28 Apr 2005 13:35:10 -0700


HM <hans@enem.nl> writes:

> I wonder if anyone can help me with this newbie problem.  I need some
> servers to have continuous access to the afs namespace. I don't like the
> ip address afs user approach too much and was wondering if there's a way
> to automatically acquire a generic ticket for
> "webserver/domain.dom@REALM" every 8 hours or so ? I noticed the
> transarc "reauth" utility but i think that won't work with my heimdal
> kerberos. What's the best way to do it ?

<http://www.eyrie.org/~eagle/software/kstart/>

I *think* it will compile fine against Heimdal, but I've not tried it.
Note that you have to run it inside the same PAG as your web server or run
them both outside of any PAGs.

If you have any trouble building against Heimdal, let me know and I may be
able to help.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>