Add script to do the token-getting dance
Unfortunately, the scripts AFS setup means that you
(a) can't use the tokens scripts sets up automatically from userspace
(which makes sense, because you shouldn't be able to use them for
changing group membership or something), and
(b) can't aklog with new tokens without being in a new PAG, which
(c) can't have scripts tokens at the beginning.
Overall, this requires a bit of a dance to
(a) load the keytab out of AFS to get tickets as daemon/asa-db.mit.edu,
(b) get a new PAG,
(c) get tokens from your tickets, and
(d) run the main script.
Also, this requires making the code and database passwords readable by
daemon.asa-db. *sigh*
Theoretically, PyAFS could probably be made to use a keytab purely in
userspace, without getting tokens inside the kernel at all, but that's
a bunch more work.
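
Steps (a) through (d) from the commit message, as an added shell sketch; it is not the script this commit adds. The keytab path and the main command are caller-supplied placeholders, and it assumes MIT Kerberos `kinit`/`kdestroy`, OpenAFS `pagsh`/`aklog`, and that `pagsh` starts a POSIX shell.

```shell
#!/bin/sh
# Added sketch, not the script from this commit. Assumes MIT Kerberos
# (kinit, kdestroy), OpenAFS (pagsh, aklog) and a POSIX shell under pagsh.
PRINCIPAL="daemon/asa-db.mit.edu"   # principal named in the commit message

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# token_dance KEYTAB COMMAND [ARGS...]   (KEYTAB and COMMAND are placeholders)
token_dance() {
    keytab=$1
    [ -r "$keytab" ] || { echo "cannot read keytab: $keytab" >&2; return 1; }
    shift
    [ $# -ge 1 ] || { echo "usage: token_dance KEYTAB COMMAND [ARGS...]" >&2; return 2; }

    # Private credential cache on local disk (mktemp creates it mode 0600),
    # so the daemon tickets never land in a shared default cache.
    ccache=$(mktemp /tmp/krb5cc_dance.XXXXXX) || return 1
    KRB5CCNAME="FILE:$ccache"; export KRB5CCNAME

    # (a) Get tickets now, while the existing tokens can still read the keytab.
    run kinit -k -t "$keytab" "$PRINCIPAL" || { rm -f "$ccache"; return 1; }

    # (b) new PAG, (c) tokens from the tickets, (d) the main command.
    # The new PAG starts empty, so aklog has to run inside it.
    status=0
    run pagsh -c 'aklog && exec "$@"' sh "$@" || status=$?

    # Tokens die with the PAG; tickets are destroyed explicitly.
    run kdestroy
    rm -f "$ccache"
    return "$status"
}
```

Setting `DRY_RUN=1` prints the three commands instead of running them, which is a quick way to check the ordering on a host without Kerberos or AFS.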