Changeset ac1d897 for asadb/util

Timestamp:

Dec 21, 2011, 2:02:08 AM (14 years ago)

Author:

Alex Dehnert <adehnert@…>

Branches:

master, space-access, stable, stage

Children:

c8cb9ba

Parents:

8cb8a9c

git-author:

Alex Dehnert <adehnert@…> (12/21/11 02:02:08)

git-committer:

Alex Dehnert <adehnert@…> (12/21/11 02:02:08)

Message:

Add script to do the token-getting dance

Unfortunately, the scripts AFS setup means that if you
(a) Can't use the tokens scripts sets up automatically from userspace
(which makes sense, because you shouldn't be able to use them for
changing group membership or something), and
(b) can't aklog with new tokens without being in a new PAG, which
(c) can't have scripts tokens at the beginning.

Overall, this requires a bit of a dance to
(a) load the keytab out of AFS to get tickets as daemon/asa-db.mit.edu,
(b) get a new PAG
(c) get tokens from your tickets
(d) run the main script

Also, this requires making the code and database passwords readable by
daemon.asa-db. *sigh*

Theoretically, PyAFS could probably be made to use a keytab purely in
userspace, without getting tokens inside the kernel at all, but that's
a bunch more work.

Location:

asadb/util

Files:

• sync_moira_authz.py (modified) (1 diff)
• sync_moira_authz.sh (added)

asadb/util/sync_moira_authz.py

@@ -115 +115 @@
     def __init__(self, *args, **kwargs):
         super(AFSConnector, self).__init__(*args, **kwargs)
-        self.login()
+        #self.login()
         self.pts = afs.pts.PTS(sec=afs.pts.PTS_ENCRYPT, cell='athena.mit.edu', )
     def login(self, ):