Service Ticket Questions

Ken Hornstein kenh at
Tue Mar 14 17:10:16 EST 2006

>Hank wants to be able to implement aklog such that if the token cannot
>be created even though the afs service ticket was obtained, that the
>afs service ticket be deleted from the ccache.  Hank is concerned that
>users who see the afs service ticket in the ccache will believe that
>they have obtained afs tokens.

Personally ... this seems like a minor corner case to me.  I mean,
aklog _is_ displaying an error message, right?  Assuming you are using
a V5 ticket directly, the failure mode at that point is some problem
with the cache manager.  But if it's a real issue to you, I think your
easiest thing would be to load the service ticket into a memory cache,
then copy it to the destination cache.  Doing this right and getting
all of the corner cases will be a pain, though.


More information about the krbdev mailing list