[OpenAFS] home on afs woes

Russ Allbery rra@stanford.edu
Fri, 13 Jan 2006 11:00:14 -0800

Sergio Gelato <Sergio.Gelato@astro.su.se> writes:

> I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a
> new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos
> ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do
> that since OpenAFS tries to be agnostic about where the tokens come from
> (it doesn't have to be Kerberos 5).

Yeah, OpenAFS has a pagsh.krb that does this for the K4 KRBTKFILE, but
like most of the rest of the K4-only stuff, it's not installed in the
Debian packages.  It might be worthwhile to create a simple pagsh.krb5
that does the same thing for Kerberos v5, just because changing ticket
cache names securely is a little tricky to do portably in shell.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>