[OpenAFS] home on afs woes
Sergio Gelato
Sergio.Gelato@astro.su.se
Fri, 13 Jan 2006 10:49:49 +0100
* Juha J=E4ykk=E4 [2006-01-13 09:05:09 +0200]:
> As what comes to kinit, its not setting the pag is a surprise to me after
> all the praise of Heimdal's supposedly good integration with AFS.=20
Sometimes you want to start a new PAG, and sometimes you want to add or
refresh credentials in your current PAG.
Actually, Heimdal kinit will start a new PAG when given an explicit
command to run; try
kinit <your-principal> id
and compare the PAG you get with that of the parent process.
I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate=20
a new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos=
=20
ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do=20
that since OpenAFS tries to be agnostic about where the tokens come from=20
(it doesn't have to be Kerberos 5).