Questions Regarding User Tokens

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Dec 7 20:59:01 EST 2023


>1. For the kinit -l and -r, I will get started on changing everything to be
>the same thing. When I finish, I will email back to you if I was successful
>and if not I will send screenshots of the configs.

Note that while I am glad to help, I can't guarantee that I'll be
available for unlimited general help.

>2. For the time problem, I just finished syncing all the machines to one
>local NTP Server. I am using chronyd and we are running Rocky Linux 8.
>Hopefully that fixes that problem.

I'm a little surprised that it worked at all since synchronized clocks
are a requirement of Kerberos, but moving on ...

>3. Yes, we unfortunately are using a scheduler and its SLURM. Would this
>question now go to SLURM Developers or still to Kerberos or both?

That's more of a SLURM question, but out of curiousity I Googled "slurm
kerberos" and it seems like there's a solution there using a software
package called "Auks" which is a central ticket manager that you can
forward TGTs to and it can dole them out to a SLURM job at the right
time.  Which is kind of interesting!  Caution: it looks to be a bit
complicated, but that is unavoidable.  Here's an overview:

	https://slurm.schedmd.com/slurm_ug_2012/auks-tutorial.pdf

Auks is here:

	https://github.com/cea-hpc/auks

--Ken


More information about the Kerberos mailing list