[OpenAFS] Problems giving a daemon process permanent access to AFS

Bastian dea1306@melvex.xs4all.nl
Thu, 01 Feb 2007 21:17:53 +0100

Hello all,

I am running an unattended daemon process that needs access to the AFS 

I have some scripts running from /etc/init.d/ under a specific user, 
getting the kerberos credentials, getting the tokens and then running 
the process. This works fine... until the tokens expire.

In this case, losing access to the files under /afs makes the process 
abort. I tried to keep the process running, by using a cron-job under 
the same user, that gets fresh credentials and tokens. Still, the 
process aborts the moment the original tokens expire.

As far a I understand, the process should retain access to /afs, using 
the new tokens, because tokens created by daemon processes are bound to 
the user only.  I assumed that processes started from init.d and 
processes started from cron that run under the same user share the tokens.

Does anyone know why this doesn't work? Or is there a better way to do this?

I am using Debian 4.0, Kerberos5 1.4.4 and OpenAFS 1.4.2

Thanks in advance.