[OpenAFS] home on afs woes

Jeffrey Hutzelman jhutz@cmu.edu
Fri, 13 Jan 2006 17:08:17 -0500

On Friday, January 13, 2006 11:00:14 AM -0800 Russ Allbery 
<rra@stanford.edu> wrote:

> Sergio Gelato <Sergio.Gelato@astro.su.se> writes:
>> I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a
>> new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos
>> ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do
>> that since OpenAFS tries to be agnostic about where the tokens come from
>> (it doesn't have to be Kerberos 5).
> Yeah, OpenAFS has a pagsh.krb that does this for the K4 KRBTKFILE, but
> like most of the rest of the K4-only stuff, it's not installed in the
> Debian packages.

It does that because the *.krb utilities also maintain kerberos ticket 
files; for example, klog.krb will leave you with a TGT that you can use for 
other applications.

Those tools are deprecated, and IMHO a pagsh.krb5 would be inappropriate, 
unless we plan on shipping a complete suite of tools that manage krb5 
tickets, as we did for krb4.

-- Jeff