tor, 15 02 2007 kl. 09:34 -0600, skrev Douglas E. Engert: > > * The short version * > > I have a keytab which is used from my cronscript. The script is executed > > every 5 minutes and has a local non-AFS lockfile to prevent multiple > > scripts working on data at the same time. > > For convenience we call the running script R and the starting/checking > > script S. The S script exits if the lockfile exists, if not it > > initializes the AFS credentials with kinit and the keytab file and > > becomes R. When S exits R will loose its AFS credentials, which is the > > part I just do not understand as I would expect that the different > > executions of the cronjob have their own running environment. > > > Ubuntu has a /etc/pam.d/cron file. It calls common-account and > common-session. Do you have any pam routines that could be deleting > the token? It sounds like your job is not run in its own PAG > so it using a shared PAG for the user the job is running under. > Some debug options on the pam routines might show something. > > Add some klist and tokens commands to you script might also help.
With klist I got the information needed to find out that a new cronjob is running within the same environment as the previous cronjob (as my suspicion was telling me). This kind of explains why the token does not remain for the first occurrence of the cronjob. Now I just have to find out how to let each cronjob run in their very own environment. I have been looking at my pam configuration but cannot seem to find any errors or solutions. Maybe I need another option in my pam configuration? # /etc/pam.d/cron @include common-auth auth required pam_env.so @include common-account @include common-session # Sets up user limits, please define limits for cron tasks # through /etc/security/limits.conf session required pam_limits.so # /etc/pam.d/common-auth auth sufficient pam_krb5.so auth required pam_unix.so nullok_secure use_first_pass # /etc/pam.d/common-account account sufficient pam_krb5.so account required pam_unix.so # /etc/pam.d/common-session session optional pam_krb5.so session optional pam_openafs_session.so session required pam_unix.so Sincerely, Jacob Volstrup _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
