login:kerberos
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
login:kerberos [2021/07/13 09:09] – jas | login:kerberos [2024/01/22 09:25] (current) – jas | ||
---|---|---|---|
Line 9: | Line 9: | ||
===== How does this affect me? ===== | ===== How does this affect me? ===== | ||
- | Kerberos tickets have a 10 hour lifetime, and can be renewed for up to 7 days without needing to re-enter | + | Kerberos tickets have a 10 hour lifetime, and can be renewed for up to 7 days without needing to re-enter |
You will **not** be affected by this change if your usage falls into one of the following categories: | You will **not** be affected by this change if your usage falls into one of the following categories: | ||
- | 1) Login sessions to indigo/ | + | 1) Login sessions to indigo/ |
2) Local logins to office or lab workstations, | 2) Local logins to office or lab workstations, | ||
Line 21: | Line 21: | ||
You **will** be affected by this change if your usage falls into one of the following categories: | You **will** be affected by this change if your usage falls into one of the following categories: | ||
- | 1) If you typically ssh to indigo/ | + | 1) If you SSH to any tech-managed systems other than indigo/ |
- | 2) If your login sessions are typically longer than 10 hours (excluding those cases referred to above in the section on systems that are not affected), you will be affected by this change. | + | 2) If your login sessions are typically longer than 10 hours in duration where usage does not fall within the cases unaffected by the change above, you will be affected by this change. |
3) If you run unattended jobs that will run for more than 10 hours, you will be affected by this change. | 3) If you run unattended jobs that will run for more than 10 hours, you will be affected by this change. | ||
Line 99: | Line 99: | ||
krenew -K 60 -b | krenew -K 60 -b | ||
- | krenew will automatically renew the Kerberos ticket for your login session. | + | krenew will run in the background, automatically renewing your Kerberos ticket for your login session. |
===== Processes That Run for More Than 7 Days ===== | ===== Processes That Run for More Than 7 Days ===== | ||
- | For processes that will run for more than 7 days, where it would obviously | + | For processes that will run for more than 7 days, where it is obviously impractical to constantly renew your Kerberos |
First, you will create a custom keytab file using the ktutil command, replacing < | First, you will create a custom keytab file using the ktutil command, replacing < | ||
Line 115: | Line 115: | ||
</ | </ | ||
- | The keytab file will be written to a file called < | + | The keytab file will be written to a file called < |
Test that the keytab file can be used to authenticate as you. First, run " | Test that the keytab file can be used to authenticate as you. First, run " | ||
Line 129: | Line 129: | ||
</ | </ | ||
- | Note that you will not be asked for your password because the keytab file includes what is required for kinit to initialize your ticket. | + | Note that you will not be asked to enter your password because the keytab file includes what is required for kinit to initialize your Kerberos |
If you see the following error: | If you see the following error: | ||
Line 141: | Line 141: | ||
You should be able to list your new Kerberos ticket using the " | You should be able to list your new Kerberos ticket using the " | ||
- | Now, in the future, whenever | + | Now, you can run your job using k5start: |
k5start -f <full path to keytab file> < | k5start -f <full path to keytab file> < |
login/kerberos.1626181755.txt.gz · Last modified: 2021/07/13 09:09 by jas