Long-running jobs with renewal of krb5 tickets and AFS tokens

[Nicolas Williams]

On Sat, Feb 28, 2009 at 11:40:26PM -0500, Jason Edgecombe wrote:
> I guess setting things for renewable tickets longer than 7 days or 
> running the jobs in local disk will be easiest.
> 
> We have a 7 day normal/renewable lifetime. What length do other sites have?

I have seen sites use on the order of months for the renewable ticket
lifetime, but still hours for normal ticket lifetime.  If you already
use seven days for renew life you might as well double it -- whatever
your threat model is, if you can accept seven days then chances are you
can accept fourteen.

Nico
--