[OpenAFS] aklog -setpag doesn't get a token
FB
fbo2@gmx.net
Thu, 22 Mar 2007 14:42:59 +0100
Hi,
On Thu, Mar 22, 2007 at 02:04:23PM +0100, Sergio Gelato wrote:
> * FB [2007-03-22 12:13:51 +0100]:
> > Yes - but... 'aklog -setpag' actually creates a PAG. It just doesn't get a token.
> > This set of commands works and creates a PAG with a token in it:
> >
> > $ kinit
> > $ aklog -setpag
> > $ aklog
>
> Are you sure the PAG isn't a preexisting one?
Yes, I'm 100% sure.
[snip]
Here's a demonstration session:
$ unset KRB5CCNAME
$ ssh localhost
$ echo $$;id
31847
uid=10266(burk2) gid=15(kmem) Gruppen=15(kmem),24(cdrom),[...]
$ tokens
Tokens held by the Cache Manager:
--End of list--
$ kinit
Password for user@REALM:
$ echo $$;id
31847
uid=10266(burk2) gid=15(kmem) Gruppen=15(kmem),24(cdrom),[...]
$ aklog -setpag
31847
uid=10266(burk2) gid=15(kmem) Gruppen=34379,36420,15(kmem),24(cdrom),[...]
$ tokens
Tokens held by the Cache Manager:
--End of list--
$ echo $$;id
31946
uid=10266(burk2) gid=15(kmem) Gruppen=34379,36421,15(kmem),24(cdrom),[...]
Now let's get back grom the "sub-PAG":
$ exit
$ echo $$
31847
$ aklog
$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 10266) tokens for afs@cbs.mpg.de [Expires Mar 23 16:34]
--End of list--
[...] is a replacement for lots of application specific groups with gid < 1002
Regards,
Frank