Questions Regarding User Tokens
John Joshua Gutierrez
jjg9803 at gmail.com
Thu Dec 7 18:34:53 EST 2023
Hi Kerberos Team,
My name is John Gutierrez and I work with Deep Apple Therapeutics. We have
a small cluster running Kerberos and would like guidance on a couple of
issues. We have been experiencing difficulty with user authentication and
keeping tickets alive to run processes for more than 7 days without getting
kicked out. We are not experts of Kerberos and we probably have very poor
configuration. Here are our questions:
- How do we extend ticket lifetime to 14 days?
- We have tried to set the ticket lifetime to 14 days in krb5.conf
[realm] but it caps out to one day
- How do we extend renewable ticket lifetime to 30 days?
- We set the variable to 30 days but it only caps out to 14 days.
- Kinit would sometimes give us an expiration date from the past
- Kinit needs to be done on every single node you want to use. If, no
kinit then no access to NFS home directory.
We currently work around the issue of token expiration by using a script
that kinits with one day of lifetime and 14 days of renewal and doing a
cronjob every 12 hours to renew the token on every node in our tiny
cluster. Please advise.
Best,
John
More information about the Kerberos
mailing list