[OpenAFS] Tokens and screen under linux
Harald Barth
haba@kth.se
Tue, 07 Jul 2009 11:30:03 +0200 (CEST)
> If you have a keytab, k5start will do the same thing for non-Heimdal,
> but we discourage users from generating keytabs for their personal
> accounts....
So I discovered that heimdal's kinit does not have a feature which
does this without password or keytab (which really astonished me,
because it has a lot of features allready). Look at this example:
Here I exeute a command "under heimdal kinit" (1) but if I try to do the
same with --renew (2) heimdal kinit ignores the command and renews the
tickets in my current cache instead.
1:
$ /usr/heimdal-1.2.1/bin/kinit haba@NADA.KTH.SE sh -xc ' klist ; sleep 30 ; klist'
haba@NADA.KTH.SE's Password:
+ klist
Ticket cache: FILE:/tmp/krb5cc_O38B1t
Default principal: haba@NADA.KTH.SE
Valid starting Expires Service principal
07/07/09 11:20:08 07/07/09 21:20:08 krbtgt/NADA.KTH.SE@NADA.KTH.SE
07/07/09 11:20:08 07/07/09 21:20:08 afs@NADA.KTH.SE
07/07/09 11:20:08 07/07/09 21:20:08 afs/pdc.kth.se@NADA.KTH.SE
+ sleep 30
+ klist
Ticket cache: FILE:/tmp/krb5cc_O38B1t
Default principal: haba@NADA.KTH.SE
Valid starting Expires Service principal
07/07/09 11:20:08 07/07/09 21:20:08 krbtgt/NADA.KTH.SE@NADA.KTH.SE
07/07/09 11:20:08 07/07/09 21:20:08 afs@NADA.KTH.SE
07/07/09 11:20:08 07/07/09 21:20:08 afs/pdc.kth.se@NADA.KTH.SE
2:
$ /usr/heimdal-1.2.1/bin/kinit --cache=$KRB5CCNAME --renew sh -xc ' klist ; sleep 30 ; klist'
#no sh is run
Or is there another syntax that would do the trick? Seems I have to read the source....
Harald.