[30871] in Kerberos
Re: Long-running jobs with renewal of krb5 tickets and AFS tokens
daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Mon Mar 16 05:52:58 2009
Message-Id: <3C8D5C20-0791-4806-97F5-5DA79513AF24@sxw.org.uk>
From: Simon Wilkinson <simon@sxw.org.uk>
To: Thomas Kula <kula@tproa.net>
In-Reply-To: <20090228230438.GJ9102@mcketrick.tproa.net>
Date: Mon, 16 Mar 2009 09:51:31 +0000
Cc: kerberos@mit.edu

On 28 Feb 2009, at 23:04, Thomas Kula wrote:
> On Sat, Feb 28, 2009 at 05:42:58PM -0500, Jason Edgecombe wrote:
>> We have users who need to run long-running jobs and store their files in
>> AFS during the run.
>>
>> I've read the k5start and k5renew man pages, but I don't see how I can
>> have users type in their password when they start a job and have the
>> tickets and tokens keep being renewed.
>>
>> How can I do this?
>
> Give them a keytab, but not one for their normal identity (this
> breaks things). Create, rather, an instance for them that can
> be put in a keytab

We (Informatics @ Edinburgh) are developing an identity management
system which provides a user-friendly interface both to allow a user
to create a new instance from their primary one, and to allow them to
assign access control entitlements from their primary instance to the
one they've just created. I'll be talking about it, and demoing it, at
this year's AFS & Kerberos Best Practices Workshop.

Cheers,
Simon.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos