[OpenAFS] OpenAFS implementation questions.

Ken Hornstein kenh@cmf.nrl.navy.mil
Fri, 09 Jun 2006 10:58:53 -0400


>> Well, you should be able to get tickets/tokens through ssh, either via
>> Kerberos ticket passing or typing in a password.  In those cases your
>> users can still run re-auth.
>
>> However for batch processes, well, there's just not much you can do.
>
>For batch processes, you pretty much have to allocate a separate principal
>with AFS access, create a keytab for it, and hack AFS authentication into
>your batch process using something like k5start.

(Yes, I know this is late; I've been on vacation).

We've done some work with Kerberos-aware batch systems.  Some of them
actually work like they should work (you submit a job, forward your
credentials to the batch system, and it handles them for you during the
batch process).  The one I did work with was LSF.  There is another one
whose name I unfortunately forget now.

--Ken