Hi Jason, > Hi Andreas, > > Getting systemd, apache, and kstart to play nice took a little bit of > work. I have included a sanitized copy of my Apache systemd unit file. > Be sure to modify the ExecStart line to have the correct keytab > location and principal name. > > I have NOT tested this in selinux enforcing mode, so beware. selinux is in permissive mode. > > I think that kstart does create a new PAG, but I'm not certain. Be > sure to verify that by running bash via kstart, then running "id" to > see if an extra high-numbered numeric group appears. If no new PAG is > created, then you might play with the pagsh command. k5start -t -f keytab principal_for_httpd bash result in a new bash shell with same user id and because the -t switch it creates new afs service token. A new /tmp/krb5cc.... file is created.
How could i verify if a new pag is created or not ? Thx for the systemd snipped. regards, Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
