Questions Regarding User Tokens
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Dec 7 20:59:01 EST 2023
>1. For the kinit -l and -r, I will get started on changing everything to be
>the same thing. When I finish, I will email back to you if I was successful
>and if not I will send screenshots of the configs.
Note that while I am glad to help, I can't guarantee that I'll be
available for unlimited general help.
>2. For the time problem, I just finished syncing all the machines to one
>local NTP Server. I am using chronyd and we are running Rocky Linux 8.
>Hopefully that fixes that problem.
I'm a little surprised that it worked at all since synchronized clocks
are a requirement of Kerberos, but moving on ...
>3. Yes, we unfortunately are using a scheduler and its SLURM. Would this
>question now go to SLURM Developers or still to Kerberos or both?
That's more of a SLURM question, but out of curiousity I Googled "slurm
kerberos" and it seems like there's a solution there using a software
package called "Auks" which is a central ticket manager that you can
forward TGTs to and it can dole them out to a SLURM job at the right
time. Which is kind of interesting! Caution: it looks to be a bit
complicated, but that is unavoidable. Here's an overview:
https://slurm.schedmd.com/slurm_ug_2012/auks-tutorial.pdf
Auks is here:
https://github.com/cea-hpc/auks
--Ken
More information about the Kerberos
mailing list