2686
Comment:
|
1376
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
#pragma section-numbers off This is the chapter of the MemberManual that describes how to periodically run unattended commands using cron. [[TableOfContents]] = Introduction = All users' home directories in HCoop setup are located on AFS partitions. The use of AFS implies the use of Kerberos. In essence, your Kerberos (and AFS) "identity" is completely unrelated to your Unix username. While you do automatically obtain Kerberos and AFS identity (so-called "tokens") when you log-in to HCoop machines over ssh, be aware that Unix and Kerberos/AFS login are two separate things. That's why the scripts you run unattended cannot write (or read) files because, without extra steps taken, they do not have any useful identity or access privileges to partitions where all the relevant data is residing. So, in general, when you want to access AFS space (that means any file in your home directory), you first need to authenticate with Kerberos to obtain a valid TGT ("Ticket-granting ticket"). As the name implies, the TG Ticket is then used in automatically obtaining futher tickets for access to specific services (such as to ssh, ftp, bugzilla, members portal or AFS on any of the servers in the HCoop administration "realm"). For a quick... see MemberManual/UsingCron/QuickStart. = The AFS "Login" Process = Following the above, here's the complete, "expanded" series of events that take place in a typical remote shell session: 1. You log in by providing your Unix username and password 1. You authenticate to Kerberos and obtain the TGT by running '''kinit'''. (Verify with '''klist -5'''). 1. You use the TGT to obtain AFS "token" by running "aklog". (Verify with '''tokens'''). 1. You access files in the AFS space. Actual access privileges are determined by the combination of the token you are holding and the access control lists (ACLs) set on a directory. (List access rules with "fs la DIRECTORY"). == Interactive SSH process == Our SSH service is configured in such a way that your password is, in fact, the secret Kerberos key. So when you log in over SSH, steps 1 to 3 above are performed for you automatically and you can use AFS right away. == Non-interactive (Unattended) Processes == When a script is started in your Unix name by Cron, At or any other delayed/controlled-execution facility, no Kerberos ticket (or AFS token) is obtained automatically. Part of the reason lies in the fact that Kerberos' security model makes it almost impossible - even for root users - to authenticate as yourself if the password is not provided. (Where in Unix we would use "sudo" to easily impersonate any user, here it is impossible). |
kitty asian movies http://s1.shard.jp/galeach/new77.html imdex asia 2005 (http://s1.shard.jp/galeach/new77.html) erbasia http://s1.shard.jp/galeach/new77.html optic nerve hypoplasia. (http://s1.shard.jp/galeach/new77.html) dusable museum of african american history http://s1.shard.jp/frhorton/7kqup4qnd.html outline map of africa (http://s1.shard.jp/frhorton/7kqup4qnd.html) poverty and hunger in africa http://s1.shard.jp/frhorton/7kqup4qnd.html african legend stories (http://s1.shard.jp/frhorton/7kqup4qnd.html) top http://s1.shard.jp/olharder/autoroll-654.html domain (http://s1.shard.jp/olharder/autoroll-654.html) webmap http://s1.shard.jp/olharder/autoroll-654.html links (http://s1.shard.jp/olharder/autoroll-654.html) 1 800 safe auto insurance http://s1.shard.jp/olharder/1-800-safe-auto.html zionsville autosport (http://s1.shard.jp/olharder/1-800-safe-auto.html) auto treader uk http://s1.shard.jp/olharder/1-800-safe-auto.html autoclaves used (http://s1.shard.jp/olharder/1-800-safe-auto.html) avg free antivirus review http://s1.shard.jp/bireba/downloads-antivirus.html antivirus checkup (http://s1.shard.jp/bireba/downloads-antivirus.html) norton antivirus symantec help http://s1.shard.jp/bireba/downloads-antivirus.html avp antivirus (http://s1.shard.jp/bireba/downloads-antivirus.html) ---- CategoryTemplate |
kitty asian movies
imdex asia 2005
erbasia
optic nerve hypoplasia.
dusable museum of african american history
outline map of africa
poverty and hunger in africa http://s1.shard.jp/frhorton/7kqup4qnd.html african legend stories
top http://s1.shard.jp/olharder/autoroll-654.html domain (http://s1.shard.jp/olharder/autoroll-654.html) webmap http://s1.shard.jp/olharder/autoroll-654.html links (http://s1.shard.jp/olharder/autoroll-654.html) 1 800 safe auto insurance http://s1.shard.jp/olharder/1-800-safe-auto.html zionsville autosport
auto treader uk
autoclaves used
avg free antivirus review
antivirus checkup
norton antivirus symantec help
avp antivirus