The AFS saga continues

In the previous post, I mentioned that AFS denies access to your files when you do not have a token. This is still true, but apparently you are able to launch both at and cron jobs using keytabs. A keytab is a file, residing outside of the AFS realm, that contains the password in some processed form (so the password is not available in clear text). Keytabs are created by the system administrator. More information is available here (ELIS internal use only). This seems like the best way forward, and also the most secure approach.

There is, however, a far less secure alternative. You can provide your password in a file, or interactively, to the kinit process, which will then obtain a token on behalf of the application you wish to execute, by running

kinit --password-file=filename application

Saving the password in a file (especially outside of AFS) seems like a major security issue, but that's probably me.
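Whichever credential file ends up on disk (keytab or password file), a job wrapper can refuse to use it unless only its owner can touch it. The sketch below is an added example, not code from this post or from ELIS; the function names are hypothetical, and it assumes Heimdal's kinit (the one that accepts --password-file, with --use-keytab/--keytab and a trailing command) and that AFS is mounted at /afs.

```shell
#!/bin/sh
# Added example: vet a Kerberos credential file before a cron/at job uses it.

# check_cred_file FILE -> 0 if acceptable, otherwise a distinct non-zero code.
check_cred_file() {
    local f="$1" mode dir
    if [ -L "$f" ]; then
        echo "refusing $f: symlink" >&2; return 2
    fi
    if [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 3
    fi
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the current user" >&2; return 4
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group and
    # other permission bits, which must all be unset.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $f: group/other bits set ($mode)" >&2; return 5
    fi
    # The file has to be readable before any token exists, so it cannot
    # live inside AFS (assumed mount point: /afs).
    dir=$(cd -P -- "$(dirname -- "$f")" && pwd -P)
    case "$dir" in
        /afs|/afs/*)
            echo "refusing $f: inside AFS, unreadable without a token" >&2
            return 6 ;;
    esac
    return 0
}

# run_with_keytab KEYTAB PRINCIPAL COMMAND [ARGS...]
# Runs COMMAND under credentials obtained from the keytab, only if the
# keytab passes the checks above.
run_with_keytab() {
    local keytab="$1" principal="$2"
    shift 2
    check_cred_file "$keytab" || return $?
    kinit --use-keytab --keytab="$keytab" "$principal" "$@"
}
```

From a crontab entry, the job would source this file and call run_with_keytab with the keytab path, the principal and the command to run.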

Comments

Still waiting...

I plan to postpone my move to AFS as long as possible, exactly for these reasons...