Long-running jobs with renewal of krb5 tickets and AFS tokens

Jason Edgecombe jason at rampaginggeek.com
Sun Mar 1 10:28:05 EST 2009


Russ Allbery wrote:
> Jason Edgecombe <jason at rampaginggeek.com> writes:
>   
>> I guess setting things for renewable tickets longer than 7 days or
>> running the jobs in local disk will be easiest.
>>
>> We have a 7 day normal/renewable lifetime. What length do other sites
>> have?
>>     
>
> Seven days here as well.  That's also our limit on how long we let compute
> jobs run on our normal timeshare systems.  We're working on a batch
> queuing system that will use separate cron instances.
>
>   
>> I might need use the job scheduler approach, but that's a pain. I would
>> guess 10-20 people would want that ability. I ether need to modify our
>> account maintenance processes or do it all manually.
>>
>> Has anyone automated the management of user.cron principals?
>> unfortunately, I have had to tell people that they can't have an
>> infinite ticket lifetime. :P
>>     
>
> We've automated similar things here and there's some support for it in the
> kadmin-remctl package.  I'm hoping to clean that up substantially at some
> point, but haven't had the time (and it's not in the top hundred on my
> priority list at the moment)
Adding extra principals would probably annoy my users and my boss. 
Besides, it's not on my top 100 todo list either. I'll deal with it if 
needed and just tell people to use local disk for storage or use screen 
with weekly kinit's.

Thanks to everyone for their help!

Sincerely,
Jason



More information about the Kerberos mailing list