cron on AFS files]
Ken Hornstein
kenh@cmf.nrl.navy.mil
Sun, 04 Mar 2001 02:10:11 -0500
>>In case you're wondering .... for users that want this at our site, we
>>give them a special "cron" instance (kenh/cron in V5 format, kenh.cron in
>>V4 format) and let the user add the cron instance to the appropriate ACLs
>>in AFS. Since that special cron user has restricted privileges (they
>>can't use it for interactive login by default), I'm comfortable with
>>that tradeoff. But since we use Kerberos 5 with AFS, we use Kerberos 5
>>tools for that, so that won't help you.
>
>Hmmph. So what do your cron users do when they want to write cron jobs
>that modify files in AFS? Trust all their fellow cron users?
The keytab file is protected via Unix permissions; cron jobs that run
under other users' IDs can't read the keytab.
--Ken
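
The separation described in the reply above depends on each user's cron keytab being readable only by its owner. The following check is an added example, not part of the original message or of any tool named in it; the function name `keytab_is_private` is hypothetical. A cron wrapper could call it before handing the keytab to the Kerberos tools.

```shell
#!/bin/sh
# Added example: refuse to use a per-user cron keytab unless Unix
# permissions keep it private. The function name is hypothetical.

# keytab_is_private FILE [UID]
# Returns 0 only if FILE is a regular file (not a symlink), owned by UID
# (default: the calling user), with no group/other permission bits and
# no extra ACL entries. Returns 1 otherwise.
keytab_is_private() {
    kt=$1
    want_uid=${2:-$(id -u)}

    # A symlink could point at a file somebody else controls.
    if [ -L "$kt" ]; then return 1; fi
    if [ ! -f "$kt" ]; then return 1; fi

    # ls -lnd prints: mode links uid gid size ...
    # Positional parameters are reused here, so kt/want_uid were saved above.
    set -- $(ls -lnd "$kt")
    mode=$1
    owner=$3

    if [ "$owner" != "$want_uid" ]; then return 1; fi

    # Mode string layout: type, user rwx, group rwx, other rwx, and an
    # optional trailing marker ("." security context, "+" extra ACL).
    # Group and other bits must all be "-", and an ACL marker is rejected
    # because an ACL entry may grant access to another user.
    case $mode in
        ????------|????------.) return 0 ;;
        *) return 1 ;;
    esac
}
```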