[OpenAFS] home on afs woes
Russ Allbery
rra@stanford.edu
Fri, 13 Jan 2006 11:00:14 -0800
Sergio Gelato <Sergio.Gelato@astro.su.se> writes:
> I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a
> new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos
> ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do
> that since OpenAFS tries to be agnostic about where the tokens come from
> (it doesn't have to be Kerberos 5).
Yeah, OpenAFS has a pagsh.krb that does this for the K4 KRBTKFILE, but
like most of the rest of the K4-only stuff, it's not installed in the
Debian packages. It might be worthwhile to create a simple pagsh.krb5
that does the same thing for Kerberos v5, just because changing ticket
cache names securely is a little tricky to do portably in shell.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>