Long-running jobs with renewal of krb5 tickets and AFS tokens

Simon Wilkinson simon at sxw.org.uk
Mon Mar 16 05:51:31 EDT 2009

On 28 Feb 2009, at 23:04, Thomas Kula wrote:

> On Sat, Feb 28, 2009 at 05:42:58PM -0500, Jason Edgecombe wrote:
>> We have users who need to run long-running jobs and store their  
>> files in
>> AFS during the run.
>> I've read the k5start and k5renew man pages, but I don't see how I  
>> can
>> have users type in their password when they start a job and have the
>> tickets and tokens keep being renewed.
>> How can I do this?
> Give them a keytab, but not one for their normal identity (this
> breaks things). Create, rather, an instance for them that can
> be put in a keytab

We (Informatics @ Edinburgh) are developing an identity management  
system which provides a user-friendly interface both to allow a user  
to create a new instance from their primary one, and to allow them to  
assign access control entitlements from their primary instance to the  
one they've just created. I'll be talking about, and demoing it, at  
this years AFS & Kerberos Best Practices Workshop.



More information about the Kerberos mailing list