Hi,
I have an issue accessing the file system after
an OS upgrade on one of our KRB5 Heimdal KDCs
(which is a Linux distribution called UCS(V3.2)
based on debian).
While the update process, a script was executed, that
must have altered the enctypes
On Wed, 24 Sep 2014 08:22:12 -0700
Eric Shell wrote:
> > Can you run any command successfully with -localauth? A good simple
> > test is 'bos status' like you showed; just run it with -localauth.
>
> Yes, this works. It immediately says that buserver, vlserver, and
> ptserver are running normal
On Fri, 26 Sep 2014 11:41:27 +0200
Andreas Donath wrote:
> I have an issue accessing the file system after
> an OS upgrade on one of our KRB5 Heimdal KDCs
> (which is a Linux distribution called UCS(V3.2)
> based on debian).
>
> While the update process, a script wa
Hi folks,
How should k5start (kstart 4.1-2 on Debian wheezy) be configured for
/etc/inittab to maintain a Kerberos ticket *and* an AFS token for an
arbitrary server process not running as root?
The -t option seems to do nothing for me, while any command option
placed at the end of the sta
On Fri, 2014-09-26 at 19:27 +0200, Jaap Winius wrote:
> The -t option seems to do nothing for me, while any command option
> placed at the end of the statement only causes another problem that
> makes init disable the process after respawning too quickly.
This is because, if you specify a comm
On 26/09/14 19:34, Brandon Allbery wrote:
This is because, if you specify a command, it runs that command and
then cleans up and exits. It's specifically intended to run a
long-running command or daemon while maintaining Kerberos tickets
and optionally AFS tokens for that command. Which leads to
On Fri, 26 Sep 2014, Jaap Winius wrote:
> On 26/09/14 19:34, Brandon Allbery wrote:
>
> > This is because, if you specify a command, it runs that command and
> > then cleans up and exits. It's specifically intended to run a
> > long-running command or daemon while maintaining Kerberos tickets
> >
On Fri, 2014-09-26 at 22:29 +0200, Jaap Winius wrote:
> So, I was getting into trouble because aklog is not a long-running
> command? Anyway, the daemon in question doesn't understand Kerberos
> or
> AFS; I'm just trying to give an average daemon access to some files
> in
> AFS.
That is *exa
Quoting Benjamin Kaduk :
Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in
the environment), not /path/to/long-running-command, when it gets tickets.
Well, that's all I want it to do, in addition to keeping a Kerberos
ticket alive.
In the mean time, I've actually su
Am Freitag 26 September 2014, 22:49:53 schrieb Jaap Winius:
> This creates Kerberos TGT, an AFS service ticket and -- thanks to the
> -t option -- an AFS token. Now, how can I do this for a user other
> than root?
Use su in front of k5start and make sure the user has read access to the
keyta
On Fri, 26 Sep 2014, Jaap Winius wrote:
> Quoting Benjamin Kaduk :
>
> > Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in
> > the environment), not /path/to/long-running-command, when it gets tickets.
>
> Well, that's all I want it to do, in addition to keeping a Kerberos
Quoting Benjamin Kaduk :
The k5start mindset is to avoid having to have a separate periodic process
that prepares tickets/tokens for some independent process to consume --
instead, the process consuming the tickets/tokens is a child process,
wrapped by k5start. ...
Are you suggesting that I no
On Fri, 26 Sep 2014, Jaap Winius wrote:
> Quoting Benjamin Kaduk :
>
> > The k5start mindset is to avoid having to have a separate periodic process
> > that prepares tickets/tokens for some independent process to consume --
> > instead, the process consuming the tickets/tokens is a child process,
13 matches
Mail list logo