summarylogtreecommitdiffstats
path: root/kstart.service
blob: a7e4e725bd582a47f912395def0e3db036e5742c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[Unit]
Description=Kerberos Ticket Acquisition Daemon

[Service]
Type=forking
ExecStart=/usr/bin/k5start -K30 -a -H30 -f $KEYTAB -U -t -b -L
# -K30	Run forever, wake up every 30 min
# -a	With -K, renew on every wakeup regardless of lifetime
# -H30	With -K, renew if less than 30 min left (default 2 min)
# -f	Use keytab to acquire initial tickets
# -U	Read client principal name from keytab
# -t	Run $AKLOG after every renewal (for OpenAFS)
# -b	Detach on startup (only if -f keytab is specified)
# -L	Log to syslog
# -v	Be verbose
ExecReload=/bin/kill -s ALRM $MAINPID
StandardOutput=null
Restart=on-failure
RestartForceExitStatus=SIGALRM

# Keytab to use for acquiring credentials when none are available.
# (Mandatory; use krenew.service if you don't want this functionality.)
Environment=KEYTAB=%h/.config/default.keytab

# Program that will be run after every successful renewal.
# (Defaults to /usr/bin/aklog, which is the OpenAFS token acquisition tool.)
Environment=AKLOG=/usr/bin/true

[Install]
WantedBy=default.target

# vim: ft=systemd