I have a long-running process. How can I maintain access to my AFS files?
Last updated: January 19th, 2017 03:13 PM
Long-running processes that need access to AFS files must use this mechanism to keep their AFS token active. In the example below, replace 'username' with your user name.
- Create a keytab file containing your password in encrypted format. Do this once at the beginning and again each time after you change your password:
  % cd ~/private
  % rm -f username.keytab
  % ktutil
  ktutil: addent -password -p username@DEPT.CS.PITT.EDU -k 1 -e aes256-cts
  Password for username@DEPT.CS.PITT.EDU: [enter your password]
  ktutil: wkt username.keytab
  ktutil: quit
  %
Please keep this keytab file in a secure place. Anyone who gets a copy of your keytab file can authenticate themselves as you.
- Then, each time you need to have a long-running process, copy your keytab file to /var/tmp and protect it so that only you can read it:
  % cp ~/private/username.keytab /var/tmp
  % chmod 400 /var/tmp/username.keytab
- Start up a daemon process that renews your tickets periodically:
  If your shell is csh or tcsh:
  % setenv AKLOG /usr/bin/aklog
  % k5start -b -t -K 600 -p /var/tmp/username.pid -f /var/tmp/username.keytab username@DEPT.CS.PITT.EDU
  If your shell is sh or bash:
  % export AKLOG=/usr/bin/aklog
  % k5start -b -t -K 600 -p /var/tmp/username.pid -f /var/tmp/username.keytab username@DEPT.CS.PITT.EDU
- Once your project is done, kill the k5start process and remove your keytab from /var/tmp:
  % kill `cat /var/tmp/username.pid`
  % rm /var/tmp/username.keytab /var/tmp/username.pid
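
The copy-and-protect step above, as an added example that is not part of the original FAQ: a POSIX shell function that creates the staged copy with owner-only permissions from the first byte, so the result does not depend on the source file's mode bits or the current umask, and then verifies the mode. The function names stage_keytab and perm_string are hypothetical.

```sh
#!/bin/sh
# Added example: stage a keytab into a shared directory such as /var/tmp
# without it ever being readable by another local user.

# Print the ls-style permission string of a path, e.g. "-r--------".
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# stage_keytab SRC DEST_DIR
# Copies SRC into DEST_DIR as mode 400 and prints the staged path.
# The source mode is deliberately not checked: in AFS, directory ACLs
# (here ~/private) control access, not the group/other mode bits.
stage_keytab() {
    src=$1
    dest_dir=$2
    dest="$dest_dir/$(basename -- "$src")"

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "stage_keytab: $src is not a regular file" >&2
        return 1
    fi

    (
        umask 077
        # mktemp creates the file 0600 under an unpredictable name.
        tmp=$(mktemp "$dest_dir/.keytab.XXXXXX") || exit 1
        # Fill it, tighten to read-only, then rename into place atomically.
        cat -- "$src" > "$tmp" && chmod 400 "$tmp" && mv -f -- "$tmp" "$dest" || {
            rm -f -- "$tmp"
            exit 1
        }
    ) || return 1

    # Verify the result before handing the path to k5start -f.
    if [ "$(perm_string "$dest")" != "-r--------" ]; then
        echo "stage_keytab: unexpected permissions on $dest" >&2
        return 1
    fi
    printf '%s\n' "$dest"
}
```

Call it as `stage_keytab ~/private/username.keytab /var/tmp` and pass the printed path to the `-f` option of k5start.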