[OpenAFS] openafs and screen command - losing tokens

Thomas Kula kula@tproa.net
Fri, 13 Feb 2009 09:38:38 -0500


On Fri, Feb 13, 2009 at 01:19:27PM +0000, Vladimir Konrad wrote:
> 
> Hello,
> 
> I (+ my users) would like to run long-running jobs under "screen" command, but currently
> the job loses access to afs after a user logs out.
> 
> I tried running kinit + aklog within the "screen" session, but this makes no difference.
> 
> Is there a way to open a screen command and get tokens specific to this session? I guess this
> is related to -setpag, but this is not reliable AFAIK.

My standard formula for running a screen session with
long-running credentials is:

 * Put yourself into a new pag by running

    pagsh

 * Make sure you have an independent Kerberos credentials
   cache:

    export KRB5CCNAME=FILE:`mktemp /tmp/krb5cc.screen.XXXXXX`

 * Get tickets, get tokens, cd to your home directory

 * Run screen

Works like a charm for me. I wrote a little script called
"mypag" that does steps 1 and 2, runs a shell, and then
calls unlog and kdestroy when done. This is very handy
when I want to do something quickly with an administrative
instance --- keeps everything self-contained and when I'm
done the admin credentials go away and I'm back to my normal
creds. Of course, after the screen session is started,
re-attaching the conventional screen way is all you need
to do.


-- 
Thomas L. Kula | kula@tproa.net | http://kula.tproa.net/
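
A wrapper along the lines of the "mypag" script described above, as an added example; it is not Thomas Kula's script. The `start` subcommand and the `MYPAG_INNER` variable are made up for illustration, and it assumes `pagsh` passes `-c` through to the shell it starts.

```shell
#!/bin/sh
# Added example of a "mypag"-style wrapper; not the script from the post.

# Step 2: create a private credentials cache and print its KRB5CCNAME value.
# mktemp creates the file mode 0600 under an unpredictable name.
new_ccache() {
    cc=$(mktemp /tmp/krb5cc.screen.XXXXXX) || return 1
    printf 'FILE:%s\n' "$cc"
}

# On exit: drop this PAG's AFS tokens, destroy the tickets, remove the cache.
# "|| true" keeps cleanup going if a tool is missing or has nothing to destroy.
cleanup_creds() {
    unlog 2>/dev/null || true
    kdestroy 2>/dev/null || true
    rm -f "${KRB5CCNAME#FILE:}"
}

# Runs inside the new PAG: private cache, then an interactive shell.
inner() {
    unset MYPAG_INNER                 # hypothetical marker variable
    KRB5CCNAME=$(new_ccache) || exit 1
    export KRB5CCNAME
    trap cleanup_creds EXIT
    trap 'exit 1' HUP TERM            # make sure the EXIT trap runs on these
    "${SHELL:-/bin/sh}"               # not exec'd, so the trap fires afterwards
}

# "start" subcommand so that sourcing the file only defines the functions.
if [ -n "${MYPAG_INNER:-}" ]; then
    inner
elif [ "${1:-}" = start ]; then
    MYPAG_INNER=$0
    export MYPAG_INNER
    # Step 1: new PAG. Assumes pagsh hands "-c ..." to the shell it starts.
    exec pagsh -c 'exec sh "$MYPAG_INNER"'
fi
```

AFS tokens belong to the PAG, so the `unlog` on exit also removes them for a screen session started from this shell. For a long-lived screen session, follow the manual steps and leave the cleanup out.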