One other aspect of my goal is to effectively have aklog become "automatic". That is, if a user's krb5 credentials cache has changed in any way since the last time s/he accessed a particular cell, the cache manager would ask afsd to run aklog (or perform equivalent action) on behalf of that user.
Is there a reason -- other than "nobody's had time to implement it" -- that this is not already the case? I'm leaving out a bit here since there's no such thing as a "kerberos PAG" (only tokens get bound to PAGs, not tickets), but this is the general idea. I can see a couple of ways of handling PAGs. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
