[OpenAFS] openafs and screen command - loosing tokens
Thomas Kula
kula@tproa.net
Fri, 13 Feb 2009 09:38:38 -0500
On Fri, Feb 13, 2009 at 01:19:27PM +0000, Vladimir Konrad wrote:
>
> Hello,
>
> I (+ my users) would like to run long running jobs under "screen" command, but currently
> the job looses access to afs after a user logs out.
>
> I tried running kinit + aklog within the "screen" session, but this makes no difference.
>
> Is there a way to open a screen command and get tokens specific to this session? I guess this
> is related to -setpag, but this is not reliable AFAIK.
My standard formula for running a screen session with long
running credentials is:
* Put yourself into a new pag by running
pagsh
* Make sure you have an independent kerberos credentials
cache:
export KRB5CCNAME=FILE:`mktemp /tmp/krb5cc.screen.XXXXXX`
* Get tickets, get tokens, cd to your home directory
* Run screen
Works like a charm for me. I wrote a little script called
"mypag" that does steps 1 and 2, runs a shell, and then
calls unlog and kdestroy when done. This is very handy
when I want to do something quickly with an administrative
instance --- keeps everything self-contained and when I'm
done the admin credentials go away and I'm back to my normal
creds. Of course, after the screen sesson is started,
re-attaching the conventional screen way is all you need
to do.
--
Thomas L. Kula | kula@tproa.net | http://kula.tproa.net/