Long-running jobs with renewal of krb5 tickets and AFS tokens

Russ Allbery rra at stanford.edu
Sat Feb 28 18:35:08 EST 2009


Jason Edgecombe <jason at rampaginggeek.com> writes:

> We have users who need to run long-running jobs and store their files in
> AFS during the run.
>
> I've read the k5start and k5renew man pages, but I don't see how I can
> have users type in their password when they start a job and have the
> tickets and tokens keep being renewed.
>
> How can I do this?

If you're not dealing with a batch environment, where the execution
happens some time after the user authenticates, then krenew is what you
want.  It just doesn't do the initial ticket acquisition.

You configure your PAM module and krb5.conf to get renewable tickets by
default, so that the user already has renewable tickets when they start
the job.  Then run the job under krenew.  It will make a private copy of
the existing ticket cache and then keep renewing tickets and tokens until
either it can't any more or the job ends.

If you *are* dealing with a batch environment, you want Kula's approach.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
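
Added example, not part of the original message or of the kstart project: a pre-flight check that the existing ticket cache really holds a renewable TGT before the job is handed to krenew. It assumes MIT Kerberos `klist -f` output; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): pre-flight check for a
# long job that will run under krenew. Assumes MIT Kerberos "klist -f"
# output; Heimdal formats flags differently.

# Read "klist -f" text on stdin. Succeed only if the krbtgt entry has the
# R (renewable) flag: krenew renews tickets, it cannot make them renewable.
tgt_is_renewable() {
    awk '
        /krbtgt\// { in_tgt = 1; next }
        in_tgt && /Flags:/ {
            sub(/.*Flags:[ \t]*/, "")
            if (index($0, "R") > 0) found = 1
            in_tgt = 0
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output: a renewable TGT and a non-renewable one.
sample_renewable() {
cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.ORG

Valid starting       Expires              Service principal
02/28/2009 18:00:00  03/01/2009 04:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
        renew until 03/07/2009 18:00:00, Flags: FRIA
EOF
}
sample_plain() {
cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.ORG

Valid starting       Expires              Service principal
02/28/2009 18:00:00  03/01/2009 04:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
        Flags: FIA
EOF
}

# Hypothetical wrapper: refuse to start unless the TGT is renewable, then
# hand the job to krenew (-t also refreshes the AFS token via aklog).
run_renewing() {
    if ! klist -f 2>/dev/null | tgt_is_renewable; then
        echo "TGT is not renewable; fix krb5.conf/PAM and log in again" >&2
        return 1
    fi
    krenew -t -- "$@"
}
```

Source the file and call `run_renewing ./long_job.sh` (a placeholder job name) from the login session that holds the tickets.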


