In addition to Derrick's answer:

To write into AFS space you need a token. That is manufactured from a
ticket. Tickets can be found in a file and tokens in the kernel.

When I authenticated today I first got a ticket granting ticket which
identifies me:

Credentials cache: FILE:/tmp/krb5cc_22421
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal                      
Jan 16 20:49:33  Jan 17 06:49:33  [EMAIL PROTECTED]   

Then I got from that an AFS service ticket:

Jan 16 20:49:34  Jan 17 06:49:33  [EMAIL PROTECTED]                  

This ticket was used to make a token:

Jan 16 20:49:34  Jan 17 06:49:33  User's (AFS ID 22421) tokens for nada.kth.se

The output lines were taken from the output of /usr/heimdal/bin/klist -T


If I would like to deliver files into AFS I'd do the following.

* Make an AFS identity (say mailman)
* Give that AFS identity the rights to insert and/or append
  at the right places in the AFS tree; it won't need all
  rights
* Check out a keytab (srvtab in v4) for mailman and
  store it in a safe place
* Let the delivery agent use that srvtab when it needs tokens

Harald.
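
The steps above as a shell sketch, added here as an example and not part of the original message: the delivery agent refuses a keytab that is group- or world-accessible before turning it into a ticket and then a token. The keytab path, the drop directory, and the helper names keytab_ok and get_token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: token acquisition for a delivery agent from a keytab.
# Assumptions (not from the original message): the keytab path and the
# drop directory are placeholders; keytab_ok/get_token are hypothetical.
KEYTAB=${KEYTAB:-/etc/mailman/mailman.keytab}   # hypothetical path
PRINCIPAL=${PRINCIPAL:-mailman}

# One-time setup by an AFS administrator (shown as comments only):
#   pts createuser -name mailman
#   fs setacl -dir /afs/<cell>/<drop-dir> -acl mailman li
#   ("li" = lookup + insert; no read, write, delete or administer)

# Succeed only if the keytab is a regular file (not a symlink), owned by
# the current user, with no group/other permission bits set.
keytab_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Get a ticket granting ticket from the keytab, then make an AFS token
# from it. RUN=echo prints the commands instead of running them.
get_token() {
    keytab_ok "$1" || { echo "refusing unsafe keytab: $1" >&2; return 1; }
    ${RUN:-} kinit -k -t "$1" "$2" && ${RUN:-} aklog
}
```

The agent would call `get_token "$KEYTAB" "$PRINCIPAL"` before each delivery run, so the token is renewed without a stored password.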