Sergio Gelato <[EMAIL PROTECTED]> writes: > I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a > new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos > ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do > that since OpenAFS tries to be agnostic about where the tokens come from > (it doesn't have to be Kerberos 5).
Yeah, OpenAFS has a pagsh.krb that does this for the K4 KRBTKFILE, but like most of the rest of the K4-only stuff, it's not installed in the Debian packages. It might be worthwhile to create a simple pagsh.krb5 that does the same thing for Kerberos v5, just because changing ticket cache names securely is a little tricky to do portably in shell. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
