[OpenAFS-devel] aklog on MacOS X was Re: Service Ticket Questions

Harald Barth haba at pdc.kth.se
Tue Mar 28 01:25:37 EST 2006 

> Except, as I mentioned in my previous message, that you screw people who 
> are trying to do things which depend on them being separate.  Like using 
> different identities for different cells at the same time.  Or running an 
> application which uses Kerberos in such a way that file accesses it does 
> don't automatically trigger using your credentials to access AFS.

*Waves hand*

Example (with the heimdal utils):

habarber:~$ kinit --no-afslog haba at NADA.KTH.SE
haba at NADA.KTH.SE's Password: 
habarber:~$ afslog -c pdc.kth.se 
habarber:~$ klist -T
Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: haba at NADA.KTH.SE

  Issued           Expires          Principal
Mar 28 08:19:07  Mar 28 18:19:08  krbtgt/NADA.KTH.SE at NADA.KTH.SE
Mar 28 08:19:33  Mar 28 18:19:08  afs/pdc.kth.se at NADA.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
habarber:~$ export KRB5CCNAME=/tmp/whatever
habarber:~$ kinit --no-afslog haba at STACKEN.KTH.SE
haba at STACKEN.KTH.SE's Password: 
habarber:~$ afslog -c stacken.kth.se
habarber:~$ klist -T
Credentials cache: FILE:/tmp/whatever
        Principal: haba at STACKEN.KTH.SE

  Issued           Expires          Principal
Mar 28 08:20:11  Mar 28 18:20:12  krbtgt/STACKEN.KTH.SE at STACKEN.KTH.SE
Mar 28 08:20:20  Mar 28 18:20:12  afs at STACKEN.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se
habarber:~$ kdestroy --no-unlog
habarber:~$ klist -T
klist: No ticket file: /tmp/whatever

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se
[Exit 1 ]
habarber:~$ unset KRB5CCNAME
habarber:~$ klist -T
Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: haba at NADA.KTH.SE

  Issued           Expires          Principal
Mar 28 08:19:07  Mar 28 18:19:08  krbtgt/NADA.KTH.SE at NADA.KTH.SE
Mar 28 08:19:33  Mar 28 18:19:08  afs/pdc.kth.se at NADA.KTH.SE

Mar 28 08:19:33  Mar 28 18:19:08  User's (AFS ID 22421) tokens for pdc.kth.se
Mar 28 08:20:20  Mar 28 18:20:11  User's (AFS ID 22421) tokens for stacken.kth.se

Harald.

More information about the krbdev mailing list