On Mon, Jul 11, 2016 at 11:13:55AM +0200, Karl-Philipp Richter wrote:
> OpenAFS has the ability to renew kerberos tickets and get AFS tokens
> automatically with the `krenew` command. Is there an equivalent in coda?

AFS tokens are actually modified kerberos tickets and they use a kerberos
mechanism to delegate ticket signing through a TGT (ticket granting
ticket?) or a host token to make a fresh set of AFS tokens without
contacting the kerberos server.

Coda tokens are not related to Kerberos tickets and there is no chain of
intermediate signing tickets, only trusted servers (auth2 daemons) are
able to sign a fresh Coda token.

> I didn't find anything on
> [google](https://www.google.de/?gws_rd=ssl#q=coda+renew+token) and in
> the `clog` manpage.

It probably was mentioned in the mailing list at some point, but on our
webserver I have a cron job to safely renew a Coda token for the apache
server.

The crontab entry is as follows,

    55 */3 * * * root /root/bin/gettokens.sh

The gettokens.sh script contains,

    #!/bin/sh
    /usr/bin/clog -as www-data websrv_at_coda.cs.cmu.edu < /etc/coda/auth/www-data

And the actual password is stored in '/etc/coda/auth/www-data' where the
/etc/coda/auth directory is only readable by root. This prevents the
'www-data' user from reading the password but he still gets a token that
is refreshed every 3 hours.

When the server is rebooted, the same gettokens.sh script is run from
rc.local.

Jan

Received on 2016-07-11 14:39:46
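A variant of the gettokens.sh approach above that refuses to call clog if the password file or its directory has become accessible to anyone but its owner. This is an added example, not the script from the original post; the function names, the `--renew` argument and the environment overrides are assumptions, and it relies on `stat -c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: permission pre-check before renewing the Coda token.
# Paths and the clog command line are copied from the post; everything
# else (function names, --renew, the overridable variables) is hypothetical.

AUTH_DIR=${AUTH_DIR:-/etc/coda/auth}
SECRET=${SECRET:-$AUTH_DIR/www-data}
OWNER_UID=${OWNER_UID:-0}          # root, as in the post

# private_to_owner PATH
# Succeeds only if PATH is owned by OWNER_UID and grants no permission
# bits to group or other. stat is not told to follow symlinks, so a
# symlink (mode 777) is rejected as well.
private_to_owner() {
    info=$(stat -c '%u %a' -- "$1" 2>/dev/null) || return 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" = "$OWNER_UID" ] || return 1
    # Leading 0 makes the shell read the mode as octal.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# check_secret
# Verifies both the directory and the password file before use.
check_secret() {
    if ! { [ -d "$AUTH_DIR" ] && private_to_owner "$AUTH_DIR"; }; then
        echo "gettokens: $AUTH_DIR is not a private directory of uid $OWNER_UID" >&2
        return 1
    fi
    if ! { [ -f "$SECRET" ] && private_to_owner "$SECRET"; }; then
        echo "gettokens: $SECRET is not a private file of uid $OWNER_UID" >&2
        return 1
    fi
    return 0
}

# Only renew when asked to, so the functions can be exercised on their own.
if [ "${1:-}" = "--renew" ]; then
    check_secret || exit 1
    # Same invocation as in the post; the password arrives on stdin.
    exec /usr/bin/clog -as www-data websrv_at_coda.cs.cmu.edu < "$SECRET"
fi
```

The crontab and rc.local entries would then call the script with `--renew`; a non-zero exit from cron surfaces a permission regression instead of silently renewing with an exposed password.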