From 9d0b08517181548fd9c3bd8468422b27ae7cf549 Mon Sep 17 00:00:00 2001 From: Geoffrey Thomas Date: Wed, 29 Oct 2008 13:07:25 -0500 Subject: [PATCH] --- doc/RootInstance | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/RootInstance b/doc/RootInstance index 965064d..6afb113 100644 --- a/doc/RootInstance +++ b/doc/RootInstance @@ -13,9 +13,9 @@ To use another instance, just specify it to the kinit command, e.g., "kinit joeu Because you would want to use your null instance tickets most of the time but your root instance tickets occasionally, a couple of people have developed shell scripts to make it easy to switch between them. -* nelhage has the [http://web.mit.edu/nelhage/Public/krbroot krbroot command], which you use syntax like "krbroot ssh linerva" when you want to use your root instance for a command. You can also "krbroot shell". -* quentin has '''XXX can't find the link''' kdo, which is similar in spirit to krbroot, but designed for Mac OS X. It takes advantage of the fact that OS X's Kerberos implementation is better at handling multiple tickets. -* geofft has [http://web.mit.edu/geofft/Public/bashrc.kpagsh kpagsh], a way of configuring your .bashrc to prompt you for tickets (null instance by default) if you start a shell and don't have tickets. If you want to switch tickets, you start a new shell, and also a new PAG, which lets you use multiple AFS credentials at once, too. It also modifies your prompt. + * nelhage has the [http://web.mit.edu/nelhage/Public/krbroot krbroot command], which you use syntax like "krbroot ssh linerva" when you want to use your root instance for a command. You can also "krbroot shell". + * quentin has '''XXX can't find the link''' kdo, which is similar in spirit to krbroot, but designed for Mac OS X. It takes advantage of the fact that OS X's Kerberos implementation is better at handling multiple tickets. + * geofft has [http://web.mit.edu/geofft/Public/bashrc.kpagsh kpagsh], a way of configuring your .bashrc to prompt you for tickets (null instance by default) if you start a shell and don't have tickets. If you want to switch tickets, you start a new shell, and also a new PAG, which lets you use multiple AFS credentials at once, too. It also modifies your prompt. These aliases are also careful to get shorter lifetime tickets that are marked nonforwardable. Some versions of SSH try to forward tickets by default. Since you might let your root instance tickets access many servers, but not trust all of these servers equally, you don't want your tickets to be forwardable. (Thankfully, recent Debian, Ubuntu, and OS X have turned off this default, but it's a good precaution.) -- 2.44.0