[39323] in Kerberos
Questions Regarding User Tokens
daemon@ATHENA.MIT.EDU (John Joshua Gutierrez)
Thu Dec 7 18:44:00 2023
MIME-Version: 1.0
From: John Joshua Gutierrez <jjg9803@gmail.com>
Date: Thu, 7 Dec 2023 15:34:53 -0800
Message-ID: <CAP2Q0J4L7eJ+ZD9mXchmQh69Bq=o8oGoXTfzxxy2hskSrgyBxA@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Kerberos Team,
My name is John Gutierrez and I work with Deep Apple Therapeutics. We have
a small cluster running Kerberos and would like guidance on a couple of
issues. We have been experiencing difficulty with user authentication and
keeping tickets alive to run processes for more than 7 days without getting
kicked out. We are not experts of Kerberos and we probably have very poor
configuration. Here are our questions:
- How do we extend ticket lifetime to 14 days?
- We have tried to set the ticket lifetime to 14 days in krb5.conf
[realm] but it caps out to one day
- How do we extend renewable ticket lifetime to 30 days?
- We set the variable to 30 days but it only caps out to 14 days.
- Kinit would sometimes give us an expiration date from the past
- Kinit needs to be done on every single node you want to use. If, no
kinit then no access to NFS home directory.
We currently work around the issue of token expiration by using a script
that kinits with one day of lifetime and 14 days of renewal and doing a
cronjob every 12 hours to renew the token on every node in our tiny
cluster. Please advise.
Best,
John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
