Long-running jobs with renewal of krb5 tickets and AFS tokens
Simon Wilkinson
simon at sxw.org.uk
Mon Mar 16 05:51:31 EDT 2009
On 28 Feb 2009, at 23:04, Thomas Kula wrote:
> On Sat, Feb 28, 2009 at 05:42:58PM -0500, Jason Edgecombe wrote:
>> We have users who need to run long-running jobs and store their
>> files in
>> AFS during the run.
>>
>> I've read the k5start and k5renew man pages, but I don't see how I
>> can
>> have users type in their password when they start a job and have the
>> tickets and tokens keep being renewed.
>>
>> How can I do this?
>
> Give them a keytab, but not one for their normal identity (this
> breaks things). Create, rather, an instance for them that can
> be put in a keytab
We (Informatics @ Edinburgh) are developing an identity management
system which provides a user-friendly interface both to allow a user
to create a new instance from their primary one, and to allow them to
assign access control entitlements from their primary instance to the
one they've just created. I'll be talking about, and demoing it, at
this years AFS & Kerberos Best Practices Workshop.
Cheers,
Simon.
More information about the Kerberos
mailing list