I'm pleased to announce release 4.1 of kstart. k5start and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining a ticket cache until that command completes, obtaining AFS tokens (via an external aklog) after obtaining tickets, and creating an AFS PAG for a command. They are primarily useful in conjunction with long-running jobs; for moving ticket handling code out of servers, cron jobs, or daemons; and to obtain tickets and AFS tokens with a single command.
Changes from previous release: Fix a regression introduced in kstart 4.0 that caused k5start -H and krenew -H to fail and attempt reauthentication with non-renewable tickets even if the lifetime was long enough. Thanks to pod for the report. Fix a regression introduced in kstart 4.0 where k5start -H would be happy with an unexpired ticket for a different principal than the desired client principal. When k5start or krenew are running as a daemon and obtaining new tickets fails, both now shorten the wake-up interval to one minute and keep trying at that interval until the error resolves itself, and then go back to the normal wakeup interval. Add a new -s option to krenew that, if given, tells krenew to send SIGHUP to the command it's running when it exits because it can't renew the ticket. This is useful when continuing to run the command without a valid ticket would be pointless. After a SIGHUP or SIGTERM when not running a command, k5start and krenew now clean up their PID files, if any, before exiting. You can download it from: <http://www.eyrie.org/~eagle/software/kstart/> This package is maintained using Git; see the instructions on the above page to access the Git repository. Debian packages have been uploaded to Debian unstable. Please let me know of any problems or feature requests not already listed in the TODO file. -- Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos