Russ Allbery wrote: > Jason Edgecombe <[email protected]> writes: > > >> We have users who need to run long-running jobs and store their files in >> AFS during the run. >> >> I've read the k5start and k5renew man pages, but I don't see how I can >> have users type in their password when they start a job and have the >> tickets and tokens keep being renewed. >> >> How can I do this? >> > > If you're not dealing with a batch environment, where the execution > happens some time after the user authenticates, then krenew is what you > want. It just doesn't do the initial ticket acquisition. > > You configure your PAM module and krb5.conf to get renewable tickets by > default, so that the user already has renewable tickets when they start > the job. Then run the job under krenew. It will make a private copy of > the existing ticket cache and then keep renewing tickets and tokens until > either it can't any more or the job ends. > > If you *are* dealing with a batch environment, you want Kula's approach. > Sigh,
I guess setting things for renewable tickets longer than 7 days or running the jobs in local disk will be easiest. We have a 7 day normal/renewable lifetime. What length do other sites have? I might need use the job scheduler approach, but that's a pain. I would guess 10-20 people would want that ability. I ether need to modify our account maintenance processes or do it all manually. Has anyone automated the management of user.cron principals? unfortunately, I have had to tell people that they can't have an infinite ticket lifetime. :P Thanks for the help! Thanks, Jason ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
