[OpenAFS] k5start and AFS tokens
Benjamin Kaduk
kaduk@MIT.EDU
Fri, 26 Sep 2014 16:34:55 -0400 (EDT)
On Fri, 26 Sep 2014, Jaap Winius wrote:
> On 26/09/14 19:34, Brandon Allbery wrote:
>
> > This is because, if you specify a command, it runs that command and
> > then cleans up and exits. It's specifically intended to run a
> > long-running command or daemon while maintaining Kerberos tickets
> > and optionally AFS tokens for that command. Which leads to the
> > correct solution: instead of running your long running daemon and
> > having a separate k5start to maintain tickets/tokens for it, use
> > k5start to run the daemon so it can manage the tickets/tokens for it
> > directly.
>
> So, I was getting into trouble because aklog is not a long-running command?
> Anyway, the daemon in question doesn't understand Kerberos or AFS; I'm just
> trying to give an average daemon access to some files in AFS. I thought
> k5start and its -t option would suffice, but perhaps I wasn't using it
> properly.
It sounds like that's the case.
You want something like "k5start -t /path/to/long-running-command"
(include the other relevant arguments, of course).
Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in
the environment), not /path/to/long-running-command, when it gets tickets.
-Ben