[OpenAFS] Cron, script and keytab on Ubuntu x86

Sergio Gelato Sergio.Gelato@astro.su.se
Thu, 15 Feb 2007 19:12:08 +0100


* Jacob Volstrup [2007-02-15 17:02:49 +0100]:
> Now I just have to find out how to let each cronjob run in their very
> own environment. I have been looking at my pam configuration but cannot
> seem to find any errors or solutions. Maybe I need another option in my
> pam configuration?

I don't think fiddling with the PAM configuration will help.

What I would do is arrange for the cron job to start a subshell in a new
PAG, probably setting KRB5CCNAME to point to a credentials cache that's
unique to this job, and run your "R" script in that environment. Make
sure the subshell stays around until R completes (i.e., don't let it
background itself).

I like Heimdal kinit for this. From the man page:
	"If  a command is given, kinit will setup new credentials caches, 
	 and AFS PAG, and then run the given command. When it finishes the
	 credentials will be removed."
Available in Ubuntu 6.06 universe, in the heimdal-clients package.