blob: a7e4e725bd582a47f912395def0e3db036e5742c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
[Unit]
Description=Kerberos Ticket Acquisition Daemon
[Service]
Type=forking
ExecStart=/usr/bin/k5start -K30 -a -H30 -f $KEYTAB -U -t -b -L
# -K30 Run forever, wake up every 30 min
# -a With -K, renew on every wakeup regardless of lifetime
# -H30 With -K, renew if less than 30 min left (default 2 min)
# -f Use keytab to acquire initial tickets
# -U Read client principal name from keytab
# -t Run $AKLOG after every renewal (for OpenAFS)
# -b Detach on startup (only if -f keytab is specified)
# -L Log to syslog
# -v Be verbose
ExecReload=/bin/kill -s ALRM $MAINPID
StandardOutput=null
Restart=on-failure
RestartForceExitStatus=SIGALRM
# Keytab to use for acquiring credentials when none are available.
# (Mandatory; use krenew.service if you don't want this functionality.)
Environment=KEYTAB=%h/.config/default.keytab
# Program that will be run after every successful renewal.
# (Defaults to /usr/bin/aklog, which is the OpenAFS token acquisition tool.)
Environment=AKLOG=/usr/bin/true
[Install]
WantedBy=default.target
# vim: ft=systemd
|