[OpenAFS] k5start and AFS tokens

[Benjamin Kaduk]

On Fri, 26 Sep 2014, Jaap Winius wrote:

> On 26/09/14 19:34, Brandon Allbery wrote:
>
> > This is because, if you specify a command, it runs that command and
> > then cleans up and exits. It's specifically intended to run a
> > long-running command or daemon while maintaining Kerberos tickets
> > and optionally AFS tokens for that command. Which leads to the
> > correct solution: instead of running your long running daemon and
> > having a separate k5start to maintain tickets/tokens for it, use
> > k5start to run the daemon so it can manage the tickets/tokens for it
> > directly.
>
> So, I was getting into trouble because aklog is not a long-running command?
> Anyway, the daemon in question doesn't understand Kerberos or AFS; I'm just
> trying to give an average daemon access to some files in AFS. I thought
> k5start and its -t option would suffice, but perhaps I wasn't using it
> properly.

It sounds like that's the case.

You want something like "k5start -t /path/to/long-running-command"
(include the other relevant arguments, of course).

Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in
the environment), not /path/to/long-running-command, when it gets tickets.

-Ben