[OpenAFS] afs and samba

Harald Barth haba@kth.se
Mon, 04 May 2009 10:41:13 +0200 (CEST)


> .. and declared the KRB5CCNAME with export ..

Yeah, forgot that.

> #!/bin/sh
> DATE=`date "+%Y%m%d%H%M.%S"`
> USERNAME=$1
> DATE=$DATE
> USERNAME=$USERNAME
> export KRB5CCNAME=/tmp/krb5cc_${USERNAME}${DATE}
> /usr/local/libexec/kimpersonate -s afs/mydomain@MYDOMAIN -c ${USERNAME}@MYDOMAIN -k AFSKEYFILE:/etc/KeyFile -t des-cbc-md5 -5
> afslog -c mydomain

Depending on your setup, you have to be careful in which pag your tokens end up. You don't want users sharing tokens.

I'd only do the kimpersonate as root and then do the afslog as $USERNAME.

> I assume that I will have to run a root postexec command that will destroy the tickets and tokens with kdestroy

I'd put that into the $USERNAME postexec because if all the user's credentials are owned by the user, there should
be no need to do that as root.

Harald.
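
The split suggested in the reply (kimpersonate as root, afslog and kdestroy as the user), as an added sketch that is not part of the original message or of OpenAFS/Samba. CCDIR, RUN, the function names and the smb.conf wiring are assumptions; the command flags are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. CELL/REALM reuse the quoted placeholders;
# CCDIR, RUN and the function names are assumptions of this sketch.
CELL=mydomain
REALM=MYDOMAIN
CCDIR=${CCDIR:-/var/run/smb-afs}  # assumed root-owned directory, not world-writable
RUN=${RUN:-}                       # RUN=echo prints the commands instead of running them

# The name comes from the client; root must not use it in a path or principal unchecked.
valid_user() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# root preexec: only kimpersonate needs the AFS key, so only that step runs as root.
preexec_root() {
    valid_user "$1" || { echo "rejected user name" >&2; return 1; }
    dir=$CCDIR/$1
    # Fresh root-owned directory, so nothing the user left behind is written through.
    $RUN rm -rf "$dir" && $RUN mkdir -m 700 "$dir" || return 1
    $RUN env KRB5CCNAME="$dir/krb5cc" /usr/local/libexec/kimpersonate \
        -s "afs/$CELL@$REALM" -c "$1@$REALM" \
        -k AFSKEYFILE:/etc/KeyFile -t des-cbc-md5 -5 || return 1
    # Hand the cache to the user, then get the token as that user.
    $RUN chown -R "$1" "$dir" || return 1
    $RUN su "$1" -c "KRB5CCNAME=$dir/krb5cc afslog -c $CELL"
}

# postexec, run as the user: the user owns the cache, so no root is needed.
postexec_user() {
    valid_user "$1" || return 1
    $RUN env KRB5CCNAME="$CCDIR/$1/krb5cc" kdestroy
}

# Assumed smb.conf wiring: root preexec = <script> pre %u / postexec = <script> post %u
case "${1:-}" in
    pre)  preexec_root "${2:-}" ;;
    post) postexec_user "${2:-}" ;;
esac
```

Whether the token obtained under su ends up where the user's smbd process can see it still depends on the pag setup the reply warns about. Recreating the per-user directory on every connect means two simultaneous sessions of one user share and replace the same cache.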