[OpenAFS] OpenAFS implementation questions.
Fri, 09 Jun 2006 10:58:53 -0400
>> Well, you should be able to get tickets/tokens through ssh, either via
>> kerberos ticket passing or typing in a password. In those cases your
>> users can still run re-auth.
>> However for batch processes, well, there's just not much you can do.
>For batch processes, you pretty much have to allocate a separate principal
>with AFS access, create a keytab for it, and hack AFS authentication into
>your batch process using something like k5start.
(Yes, I know this is late; I've been on vacation).
We've done some work with Kerberos-aware batch systems. Some of them
actually work like they should work (you submit a job, forward your
credentials to the batch system, and it handles them for you during the
batch process). The one I did work with was LSF. There is another one
who's name I unfortunately forget now.