To access an AFS home directory on a VM where we log in as root and have no AFS tokens, we have to export the AFS tokens for the user whose directories we want to access. For example, if I am test-user and want to access my AFS home as root from a VM, I must:
1. Get Kerberos tickets for my username
2. Forward my tickets to the VM by logging in
3. Note the ticket cache filename
4. Log out of the VM
5. Get non-forwardable root tickets
6. Log in to the VM as root
7. Export the ticket cache noted in step 3: "export KRB5CCNAME=/tmp/filename"
8. Get new AFS tokens with afslog
9. Access to the AFS cell of test-user should now be enabled
This also shows that your Kerberos tickets can be misused if they are not destroyed before exit.
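One way to make sure the forwarded cache does not outlive the session, as an added example that is not part of the original note. It assumes file-based caches with the default `krb5cc_*` naming; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: destroy the forwarded ticket cache at logout and audit a
# directory for caches that were left behind.

# Print the file path behind a KRB5CCNAME value ("FILE:/tmp/x" or "/tmp/x").
# Fails for non-file cache types such as KEYRING: or KCM:.
ccache_path() {
    case "$1" in
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        /*)     printf '%s\n' "$1" ;;
        *)      return 1 ;;
    esac
}

# Destroy the cache named by KRB5CCNAME and confirm the file is gone.
# Returns 1 if a file cache still exists afterwards.
destroy_ccache() {
    cc=${KRB5CCNAME:-}
    [ -n "$cc" ] || return 0            # no cache selected, nothing to do
    if command -v kdestroy >/dev/null 2>&1; then
        kdestroy -c "$cc" >/dev/null 2>&1 || true
    fi
    # For file caches, do not rely on kdestroy alone: the file must not
    # survive the session, because root on the host can read it.
    if ccfile=$(ccache_path "$cc"); then
        rm -f -- "$ccfile"
        [ ! -e "$ccfile" ] || return 1
    fi
    unset KRB5CCNAME
    return 0
}

# List ticket cache files left in a directory (default /tmp), one per line.
# Assumption: caches use the default "krb5cc_*" file name pattern.
leftover_ccaches() {
    find "${1:-/tmp}" -maxdepth 1 -type f -name 'krb5cc_*' 2>/dev/null | sort
}

# To run the cleanup at logout, add this line to the login shell's profile
# on the VM:
#   trap destroy_ccache EXIT
```

Running `leftover_ccaches` as an administrator after users have logged out shows which sessions skipped the cleanup.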