[30777] in Kerberos
Re: Long-running jobs with renewal of krb5 tickets and AFS tokens
daemon@ATHENA.MIT.EDU (Russ Allbery)
Sat Feb 28 18:36:39 2009
To: kerberos@mit.edu
In-Reply-To: <49A9BDF2.6030402@rampaginggeek.com> (Jason Edgecombe's message
of "Sat\, 28 Feb 2009 17\:42\:58 -0500")
From: Russ Allbery <rra@stanford.edu>
Date: Sat, 28 Feb 2009 15:35:08 -0800
Message-ID: <874oyeb0er.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Jason Edgecombe <jason@rampaginggeek.com> writes:
> We have users who need to run long-running jobs and store their files in
> AFS during the run.
>
> I've read the k5start and k5renew man pages, but I don't see how I can
> have users type in their password when they start a job and have the
> tickets and tokens keep being renewed.
>
> How can I do this?
If you're not dealing with a batch environment, where the execution
happens some time after the user authenticates, then krenew is what you
want. It just doesn't do the initial ticket acquisition.
You configure your PAM module and krb5.conf to get renewable tickets by
default, so that the user already has renewable tickets when they start
the job. Then run the job under krenew. It will make a private copy of
the existing ticket cache and then keep renewing tickets and tokens until
either it can't any more or the job ends.
If you *are* dealing with a batch environment, you want Kula's approach.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
