Re: [OpenAFS] k5start and AFS tokens

2014-09-30 Thread Jaap Winius
Quoting Jaap Winius jwin...@umrk.nl: start-stop-daemon --start --pidfile /run/zz/k5start-zz.pid \ --chuid $USER:$GROUP --exec /usr/bin/k5start -- -b \ -p /run/zz/k5start-zz.pid \ -K 10 -l 24h -k /tmp/krb5cc_107 -o zz \ -L -t -U -f /etc/krb5-zz.keytab \ $($DAEMON

Re: [OpenAFS] k5start and AFS tokens

2014-09-28 Thread Dirk Heinrichs
On Sunday 28 September 2014, 04:44:07, Jaap Winius wrote: Okay, I figured it out. No, not quite yet, I'm afraid. I altered /etc/init.d/zz by adding the following line to the do_start function just before the zz daemon is started up: start-stop-daemon --start --pidfile

Re: [OpenAFS] k5start and AFS tokens

2014-09-28 Thread Jaap Winius
Quoting Dirk Heinrichs dirk.heinri...@altum.de: You don't let k5start start your zz daemon. IOW: You don't do the start part of k5start, only the k5 part. Okay, how about this? start-stop-daemon --start --pidfile /run/zz/k5start-zz.pid \ --chuid $USER:$GROUP --exec /usr/bin/k5start --

Re: [OpenAFS] k5start and AFS tokens

2014-09-27 Thread Jaap Winius
Quoting Benjamin Kaduk ka...@mit.edu: On Fri, 26 Sep 2014, Jaap Winius wrote: Are you suggesting that I alter the /etc/init.d/ script that starts up the daemon in question, ... That's the general idea, yes. ... Okay, I figured it out. I altered /etc/init.d/zz by adding the following

[OpenAFS] k5start and AFS tokens

2014-09-26 Thread Jaap Winius
Hi folks, How should k5start (kstart 4.1-2 on Debian wheezy) be configured for /etc/inittab to maintain a Kerberos ticket *and* an AFS token for an arbitrary server process not running as root? The -t option seems to do nothing for me, while any command option placed at the end of the

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Brandon Allbery
On Fri, 2014-09-26 at 19:27 +0200, Jaap Winius wrote: The -t option seems to do nothing for me, while any command option placed at the end of the statement only causes another problem that makes init disable the process after respawning too quickly. This is because, if you specify a

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Jaap Winius
On 26/09/14 19:34, Brandon Allbery wrote: This is because, if you specify a command, it runs that command and then cleans up and exits. It's specifically intended to run a long-running command or daemon while maintaining Kerberos tickets and optionally AFS tokens for that command. Which leads

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Benjamin Kaduk
On Fri, 26 Sep 2014, Jaap Winius wrote: On 26/09/14 19:34, Brandon Allbery wrote: This is because, if you specify a command, it runs that command and then cleans up and exits. It's specifically intended to run a long-running command or daemon while maintaining Kerberos tickets and

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Brandon Allbery
On Fri, 2014-09-26 at 22:29 +0200, Jaap Winius wrote: So, I was getting into trouble because aklog is not a long-running command? Anyway, the daemon in question doesn't understand Kerberos or AFS; I'm just trying to give an average daemon access to some files in AFS. That is *exactly*

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Jaap Winius
Quoting Benjamin Kaduk ka...@mit.edu: Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in the environment), not /path/to/long-running-command, when it gets tickets. Well, that's all I want it to do, in addition to keeping a Kerberos ticket alive. In the meantime,

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Dirk Heinrichs
On Friday 26 September 2014, 22:49:53, Jaap Winius wrote: This creates a Kerberos TGT, an AFS service ticket and -- thanks to the -t option -- an AFS token. Now, how can I do this for a user other than root? Use su in front of k5start and make sure the user has read access to the keytab.

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Benjamin Kaduk
On Fri, 26 Sep 2014, Jaap Winius wrote: Quoting Benjamin Kaduk ka...@mit.edu: Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in the environment), not /path/to/long-running-command, when it gets tickets. Well, that's all I want it to do, in addition to keeping a

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Jaap Winius
Quoting Benjamin Kaduk ka...@mit.edu: The k5start mindset is to avoid having to have a separate periodic process that prepares tickets/tokens for some independent process to consume -- instead, the process consuming the tickets/tokens is a child process, wrapped by k5start. ... Are you

Re: [OpenAFS] k5start and AFS tokens

2014-09-26 Thread Benjamin Kaduk
On Fri, 26 Sep 2014, Jaap Winius wrote: Quoting Benjamin Kaduk ka...@mit.edu: The k5start mindset is to avoid having to have a separate periodic process that prepares tickets/tokens for some independent process to consume -- instead, the process consuming the tickets/tokens is a child