This is a discussion on kstart 3.13 released - Kerberos ; I'm pleased to announce release 3.13 of kstart. k4start, k5start, and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining ...
I'm pleased to announce release 3.13 of kstart.
k4start, k5start, and krenew are modified versions of kinit which add
support for running as a daemon to maintain a ticket cache, running a
command with credentials from a keytab and maintaining a ticket cache
until that command completes, obtaining AFS tokens (via an external aklog)
after obtaining tickets, and creating an AFS PAG for a command. They are
primarily useful in conjunction with long-running jobs; for moving ticket
handling code out of servers, cron jobs, or daemons; and to obtain tickets
and AFS tokens with a single command.
Changes from previous release:
As of this release, k4start should be considered frozen. I will still
fix bugs where possible, but it is no longer tested before releases
and new features added to k5start and krenew will not be added to
If the environment variable AKLOG is set, use its value as the path to
the aklog program to run when -t is given to k5start or krenew. If
AKLOG is set, always run that program unless -n was given in k4start.
This environment variable replaces the badly-named KINIT_PROG,
although KINIT_PROG is still supported for backward compatibility.
Remove the restriction that -o, -g, and -m may not be used with -K or
a command. The MIT Kerberos libraries have removed the restriction
about ticket cache ownership and this now works properly. However,
each authentication changes the permissions, so reset the ownership
and permissions whenever we renew the cache. Thanks, Howard
Strip a leading FILE: or WRFILE: prefix from the ticket cache name
when changing the ownership or permissions. Based on a patch from
Fix a portability problem with Heimdal introduced in the previous
release (Heimdal wants krb5_cc_copy_cache, not krb5_cc_copy_creds).
Thanks, Jason White.
Include a dummy object in libportable to avoid build failures on
systems that don't need any portability functions (such as Mac OS X).
You can download it from:
Debian packages have been uploaded to Debian unstable.
Please let me know of any problems or feature requests not already listed
in the TODO file.
Russ Allbery (firstname.lastname@example.org)