On 28 Feb 2009, at 23:04, Thomas Kula wrote: > On Sat, Feb 28, 2009 at 05:42:58PM -0500, Jason Edgecombe wrote: >> We have users who need to run long-running jobs and store their >> files in >> AFS during the run. >> >> I've read the k5start and k5renew man pages, but I don't see how I >> can >> have users type in their password when they start a job and have the >> tickets and tokens keep being renewed. >> >> How can I do this? > > Give them a keytab, but not one for their normal identity (this > breaks things). Create, rather, an instance for them that can > be put in a keytab
We (Informatics @ Edinburgh) are developing an identity management system which provides a user-friendly interface both to allow a user to create a new instance from their primary one, and to allow them to assign access control entitlements from their primary instance to the one they've just created. I'll be talking about, and demoing it, at this years AFS & Kerberos Best Practices Workshop. Cheers, Simon. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
