#1 2015-03-26 14:11:06

pfilz0
Member
Registered: 2015-03-26
Posts: 17

[SOLVED] AFS token renewal via krenew systemd service

Hi All,

I have my system at work set up in such a way that my AFS directory is used as my home directory. I added the needed modules in /etc/pam.d/system-auth so that I can log in locally with my Kerberos credentials and also receive an AFS ticket. This works fine, as long as the tickets are valid. Now I found krenew and wanted to use it to automatically renew my tickets (by running "krenew -v -L -b -K 30 -i -t" as a systemd user service). This works fine when I start it manually, but when run as a service (under my username) it does not have access to the KRB5CCNAME environment variable and therefore doesn't find the ticket cache.

Does anybody have a solution to this? I was thinking I could use "EnvironmentFile=XXX", but the name of the ticket cache file is likely to change, so I would need a dynamic way to give access to environment variables.

EDIT: I marked this thread as solved, since the solution provides an acceptable workaround. However, the question of how to make dynamic environment variables accessible to a systemd service unit was not answered.

Last edited by pfilz0 (2015-04-02 06:52:05)

#2 2015-03-27 16:52:37

Bevan
Member
Registered: 2009-09-08
Posts: 99

Re: [SOLVED] AFS token renewal via krenew systemd service

Hi,

I'm not sure if I can help you with what you want to do. On my system my ticket cache is always stored at /tmp/krb5cc_$UID so this seems to be pretty predictable. But I remember that it once was stored in /run/…, so that may change from time to time.

I assume you are using some sort of graphical desktop. You may give krb5-auth-dialog a try. It can be found in the AUR and automatically renews your ticket (as long as it is renewable) as krenew would do. It also includes an AFS plugin which automatically obtains an AFS token. You have to enable it using

gsettings set org.gnome.KrbAuthDialog.plugins enabled '@as ["afs"]'

#3 2015-03-27 18:35:32

pfilz0
Member
Registered: 2015-03-26
Posts: 17

Re: [SOLVED] AFS token renewal via krenew systemd service

Hi Bevan,

Thanks for the info. I'll certainly give it a try.

Sorry, I forgot to include part of the information. On my PC, the cache file is saved under /tmp/krb5cc_$UID_XXX (with XXX being some random key that changes with every ticket). Since krenew is detached from the terminal, it doesn't inherit the environment variables (KRB5CCNAME among them) and therefore defaults to /tmp/krb5cc_$UID. As this file doesn't exist, krenew can't renew the ticket and posts an error message in the log (something like: "/tmp/krb5cc_$UID not found" ...). That's why I either have to influence the name of the cache file (if it were saved under /tmp/krb5cc_$UID all would be fine), or find a way to pass the current cache file name to krenew.

Last edited by pfilz0 (2015-03-27 18:36:35)
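
One way to pass the current cache file name to a krenew user service, as an added example that is not part of the original thread: because /tmp is world-writable, the lookup only accepts a /tmp/krb5cc_$UID_XXX file that is a regular file, owned by the user and closed to group and others. The helper names find_ccache and publish_ccache are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). find_ccache and publish_ccache are
# hypothetical helper names; GNU stat is assumed.

# find_ccache DIR UID
# Prints KRB5CCNAME ("FILE:<path>") for the newest DIR/krb5cc_UID_* cache that
# is safe to trust, or returns 1 if there is none.
find_ccache() {
    local dir="$1" uid="$2" best="" f
    for f in "$dir"/krb5cc_"$uid"_*; do
        # /tmp is world-writable: skip symlinks and anything not a regular file.
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        # The cache must belong to the user the service runs as.
        [ "$(stat -c '%u' "$f")" = "$uid" ] || continue
        # No group/other permission bits (e.g. 600); rejects 644, 660, 4600.
        case "$(stat -c '%a' "$f")" in
            ?00) ;;
            *) continue ;;
        esac
        # Keep the most recently modified candidate.
        if [ -z "$best" ] || [ "$f" -nt "$best" ]; then best="$f"; fi
    done
    [ -n "$best" ] || return 1
    printf 'FILE:%s\n' "$best"
}

# publish_ccache
# Hands the result to the systemd user manager so that a krenew user unit
# started (or restarted) afterwards sees KRB5CCNAME in its environment.
publish_ccache() {
    local cc
    cc="$(find_ccache /tmp "$(id -u)")" || {
        echo "no usable ticket cache in /tmp" >&2
        return 1
    }
    systemctl --user set-environment "KRB5CCNAME=$cc"
}

# Call publish_ccache from the login session, e.g. from a shell profile,
# before the krenew unit is started.
```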
