[OpenAFS] Is infinite ticket lifetime possible?

rogbazan rogbazan <rogbazan@gmail.com>
Thu, 5 May 2005 11:40:07 -0500


I would recommend that any automated process not depend on AFS.
Believe me! You will avoid many headaches because of timeouts,
offline volumes, etc.
You could, instead, store files locally and manually copy them as
much as you can!
Regards

On 5/5/05, Russ Allbery <rra@stanford.edu> wrote:
> Chris Crowther <chris@jm-crowther.co.uk> writes:
> > Alvin Chan wrote:
>
> >> From the document, the maximum ticket lifetime for authentication is
> >> 720 hours. But what if I want the ticket to never expire? Is it possible
> >> to do this?
>
> > As far as I'm aware: no; for the simple reason that you shouldn't be
> > doing it.  If something needs to have permissions for extended amounts
> > of time the chances are it's a server or dedicated host of some variety;
> > you should be using a machine ACL instead.
>
> I would not recommend using machine ACLs.  The permission they grant is a
> bit broad (anything on the machine, rather than a particular user plus
> root), and they have some interesting quirks in how the file server
> notices new ones.
>
> Rather, I would recommend using a keytab (or srvtab if you're using K4)
> combined with something like:
>
>     <http://www.eyrie.org/~eagle/software/kstart/>
>
> or one of the several other programs that does similar things to maintain
> a ticket cache and token for your program.
>
> --
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/=