[OpenAFS] Cron, script and keytab on Ubuntu x86

Douglas E. Engert deengert@anl.gov
Thu, 15 Feb 2007 17:05:06 -0600

Russ Allbery wrote:
> Douglas E Engert <deengert@anl.gov> writes:
>> OK, so it looks like a no problem with the pam_openafs_session.so
>> deleting the token.
>> What is really needed is a pam_* that just gets a PAG.
> pam-afs-session does this when there is no Kerberos ticket.

Then why was he having problems in the first place?
It appeared that his problewm was not being in a PAG problem.
and his pam.d configuration implied pam_openafs_session was being called.

You had said:
> pam_openafs_session will blow away tokens acquired by cron jobs when the
> PAM session for the cron job closes.
> You have a few options.  One is that you could use k5start inside your
> cron job, since it creates a new PAG and then runs the command with
> tickets and tokens inside that PAG.

If so and the two jobs are in different PAGs, it should not
have caused his problem. Only if they are not in a PAG
would this be a problem.



  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444