Question on k5start daemon-related example in k5start manual
Holger Rauch
holger.rauch at empic.de
Thu Sep 2 08:30:55 EDT 2010
Hi Russ,
thanks a lot for your detailed explanation. What I forgot to mention:
- I initially log in to the box (NFSv4 client) via ssh, which causes
the following
*) Kerberos tickets are obtained
*) the home dir is mounted with automount via NFSv4
- From that interactive shell I would like to use k5start as a wrapper
so that the process(es) started via their init script can still write
to the NFSv4 file system and don't get "Permission denied" when the
tickets expire. That means, I'm dependendent on a main functionality
of k5start (if I get it right): the ticket lifetime is constantly
renewed at regular intervals, so that the renewed ticket actually never
reaches the maximum ticket lifetime. Otherwise, I would have to
restart the server process manually each and every day and this
would be sort of awkward...
Is it possible run daemon-like processes indefinitely (provided
there's no core dump etc.) using k5start? (Sorry for explictly asking
this, but it's not clear to me from the examples I've come accross on
your home page).
Do I have to take any additional measures when a daemon accesses a
NFSv4 mounted filesystem via automount (That is, do I have to add
additional principals to my keytab file)? (Currently, only the
corresponding user principal is in there).
Thanks in advance for any advice.
Kind regards,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100902/7d10ccc5/attachment.bin
More information about the Kerberos
mailing list