issue with k5start

Kristen Webb kwebb at teradactyl.com
Tue Sep 25 14:04:36 EDT 2018


I am trying to add k5start to a custom vos routine to automate dump/restore.

My current solution is a traditional klist/kinit/aklog, but has a problem
with the
tokens timing out before a large (multi-day) job can complete.

I want to use a shared credential cache to reduce the traffic to the
kerberos
server (thousands and thousands of backup jobs with say one kinit/day).

When I use the -k ccache option it appears that each job simply overwrites
the cchache file.  Without out it, each job appears to keep it's
own/private ccache
data.  I suppose this makes sense since k5start needs to know when to renew
tickets/tokens based on when each job starts when run with the command
option.

Is there a way to use k5start to achieve what I am after
     - shared ccache for many jobs to keep kerberos server traffic down
     - allow long running jobs to continue beyond their initial aklog
renewal date

If I ran k5start as a daemon and managed periodic aklog's within my
application,
would that work?
-- 
This message is NOT encrypted
--------------------------------
Mr. Kristen J. Webb
Chief Technology Officer
Teradactyl LLC.
2450 Baylor Dr. S.E.
Albuquerque, New Mexico 87106
Phone: 1-505-338-6000
Email: kwebb at teradactyl.com
Web: http://www.teradactyl.com



Providers of Scalable Backup Solutions
   for Unique Data Environments

--------------------------------
NOTICE TO RECIPIENTS: Any information contained in or attached to this
message is intended solely for the use of the intended recipient(s). If
you are not the intended recipient of this transmittal, you are hereby
notified that you received this transmittal in error, and we request
that you please delete and destroy all copies and attachments in your
possession, notify the sender that you have received this communication
in error, and note that any review or dissemination of, or the taking of
any action in reliance on, this communication is expressly prohibited.


Regular internet e-mail transmission cannot be guaranteed to be secure
or error-free. Therefore, we do not represent that this information is
complete or accurate, and it should not be relied upon as such. If you
prefer to communicate with Teradactyl LLC. using secure (i.e., encrypted
and/or digitally signed) e-mail transmission, please notify the sender.
Otherwise, you will be deemed to have consented to communicate with
Teradactyl via regular internet e-mail transmission. Please note that
Teradactyl reserves the right to intercept, monitor, and retain all
e-mail messages (including secure e-mail messages) sent to or from its
systems as permitted by applicable law


More information about the Kerberos mailing list