From unknown Tue Apr 28 14:07:27 2026 X-Loop: owner@bugs.x2go.org Subject: Bug#272: Regarding x2go and afs interaction Reply-To: Roy Williams , 272@bugs.x2go.org Resent-From: Roy Williams Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Tue, 13 Jan 2015 14:15:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 272 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: Received: via spool by 272-submit@bugs.x2go.org id=B272.142115828923451 (code B ref 272); Tue, 13 Jan 2015 14:15:02 +0000 Received: (at 272) by bugs.x2go.org; 13 Jan 2015 14:11:29 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 03D025DA2C for <272@bugs.x2go.org>; Tue, 13 Jan 2015 15:11:28 +0100 (CET) Received: by mail-ie0-f181.google.com with SMTP id rl12so2840033iec.12 for <272@bugs.x2go.org>; Tue, 13 Jan 2015 06:11:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Zp/cWOPRvl9sm33YhWolvGfqp5E0cYEd94V6JoV3U9o=; b=I7zmV/3y5+dErq29m6hwQmYBqjEBnR900OFlzj+0FMlwgJBC1GrYUSOSgCAjMxLp92 /1lUp8q2bmxr3rLzQ139pzHUf7HQkZC2TfezlNh0vMoO0RWwDN4ve/nvYE8d1ukAJ9iy bjauaROfkf0BopRrnUsUwP9WqbyQ1GwfQZkyRV8XcknFodeckW/Q48KC9CVFpXHaaesK /krXnqtHTmsEmPKkQGv0Q27HaAbPuT2Cs8A0igQNny5ioNVGdCmucwWymd7OOOTXeCJi KOg3mEqMbhndb8N2KkpV5L8LU8szOLQM1c89uuDlS6jdplF63tbdQOoSBDlLb077Nlpy OMnA== MIME-Version: 1.0 X-Received: by 10.50.79.228 with SMTP id m4mr21275439igx.43.1421158286292; Tue, 13 Jan 2015 06:11:26 -0800 (PST) Received: by 10.64.55.129 with HTTP; Tue, 13 Jan 2015 06:11:26 -0800 (PST) Date: Tue, 13 Jan 2015 09:11:26 -0500 Message-ID: From: Roy Williams To: 272@bugs.x2go.org Content-Type: multipart/alternative; boundary=089e013a1f16d2fe2b050c893221 --089e013a1f16d2fe2b050c893221 Content-Type: text/plain; charset=UTF-8 Hello Everyone, I have a suggestion that basically involves using k5start from Russ Albury which I suspect will no longer be as maintained in the future. Available at http://www.eyrie.org/~eagle/software/kstart/k5start.html and having that maintain credentials in the session, then copying the KRB5CCNAME into a new session and having it renew the Kerberos tickets, so when k5start runs aklog it'll renew the tokens in the suspended session. It's not ideal but it does allow you to have session resuming. I am not sure what the security implications would be doing this since I suspect this would be frowned on by the Kerberos community. This k5start tool was intended to keep long running processes from losing their file system access on a host. Roy Williams (fang64@gmail.com) --089e013a1f16d2fe2b050c893221 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello Everyone,

I hav= e a suggestion that basically involves using k5start from Russ Albury which= I suspect will no longer be as maintained in the future. Available at http://www= .eyrie.org/~eagle/software/kstart/k5start.html and having that maintain= credentials in the session, then copying the KRB5CCNAME into a new session= and having it renew the Kerberos tickets, so when k5start runs aklog it= 9;ll renew the tokens in the suspended session. It's not ideal but it d= oes allow you to have session resuming.

I am not sure what the secu= rity implications would be doing this since I suspect this would be frowned= on by the Kerberos community. This k5start tool was intended to keep long = running processes from losing their file system access on a host.

Roy Williams (fang64@gmail.com)=
--089e013a1f16d2fe2b050c893221--