(Illustration by Gaich Muramatsu)
Hello Karl-Philipp, On Mon, Jul 11, 2016 at 11:13:55AM +0200, Karl-Philipp Richter wrote: > Hi, > OpenAFS has the ability to renew kerberos tickets and get AFS tokens > automatically with the `krenew` command. Is there an equivalent in coda? It is not an "ability of OpenAFS" but an ability of krenew, to renew Kerberos tickets and run external commands when asked so. You _can_ use "krenew" with Coda: AKLOG=clog krenew -t .... but then you need a Kerberos-capable Coda build (and realm), which regrettably is not included in upstream. When you do not need _all_ of the krenew functionality, here is an example of a shell one-liner which acts similar to krenew as a daemon: (doing nothing specific to either AFS or Coda) while sleep 10000; do kinit -R; done Together with a kerberos-aware clog: while sleep 10000; do kinit -R [...]; clog [...]; done Without Kerberos you have no use for krenew but still can do something like while sleep 30000; do clog xxx_at_yyyy </protected/file/with/a/pass; done Here the pass file plays the same role as the Kerberos credentials cache with krenew. The difference is that the pass does not expire while the credentials cache is designed to. This nice property of Kerberos credentials is also available to Coda when clog is built with Kerberos support but this is not necessarily crucial for a particular deployment. The differing sleep amounts above reflect the expected credentials validity length, several hours for a Kerberos tgt, somewhat over 24 hours for Coda tokens. To protect oneself from possible temporary reauthentication failures it is preferable to make more than one attempt during the validity period. (A different approach would be generation of Coda tokens with longer validity. This relies on administrative rights on the Coda realm and as such is much more intrusive.) Does this address your needs? RuneReceived on 2016-07-11 07:15:53