[OpenAFS] Cron, script and keytab on Ubuntu x86
Douglas E. Engert
deengert@anl.gov
Thu, 15 Feb 2007 17:05:06 -0600
Russ Allbery wrote:
> Douglas E Engert <deengert@anl.gov> writes:
>
>> OK, so it looks like a no problem with the pam_openafs_session.so
>> deleting the token.
>
>> What is really needed is a pam_* that just gets a PAG.
>
> pam-afs-session does this when there is no Kerberos ticket.
Then why was he having problems in the first place?
It appeared that his problewm was not being in a PAG problem.
and his pam.d configuration implied pam_openafs_session was being called.
You had said:
> pam_openafs_session will blow away tokens acquired by cron jobs when the
> PAM session for the cron job closes.
>
> You have a few options. One is that you could use k5start inside your
> cron job, since it creates a new PAG and then runs the command with
> tickets and tokens inside that PAG.
If so and the two jobs are in different PAGs, it should not
have caused his problem. Only if they are not in a PAG
would this be a problem.
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444