Long-running jobs with renewal of krb5 tickets and AFS tokens

Russ Allbery rra at stanford.edu
Sat Feb 28 23:43:49 EST 2009


Jason Edgecombe <jason at rampaginggeek.com> writes:

> I guess setting things for renewable tickets longer than 7 days or
> running the jobs in local disk will be easiest.
>
> We have a 7 day normal/renewable lifetime. What length do other sites
> have?

Seven days here as well.  That's also our limit on how long we let compute
jobs run on our normal timeshare systems.  We're working on a batch
queuing system that will use separate cron instances.

> I might need to use the job scheduler approach, but that's a pain. I would
> guess 10-20 people would want that ability. I either need to modify our
> account maintenance processes or do it all manually.
>
> Has anyone automated the management of user.cron principals?
> Unfortunately, I have had to tell people that they can't have an
> infinite ticket lifetime. :P

We've automated similar things here and there's some support for it in the
kadmin-remctl package.  I'm hoping to clean that up substantially at some
point, but haven't had the time (and it's not in the top hundred on my
priority list at the moment).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


