[OpenAFS] Re: Tokens and screen under linux

Andrew Deason adeason@sinenomine.net
Mon, 6 Jul 2009 10:17:59 -0500

On Mon, 06 Jul 2009 16:30:17 +0200
Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:

> Hash: SHA1
> Hi!
> One of our users try to run a job longer than usual tokens runtime.
> Keeping a ssh open for that long time is not wanted.
> We use a Win 2003 AD server as a krb5 KDC and krenew just hits
> "krenew: error renewing credentials: KDC can't fulfill requested
> option". And if I login as user, hit a screen command, the screen
> process has ticket/tokens like login user. I can detach and reattach
> screen like usual. But if I detach screen and logoff, ticket/tokens
> for the running screen are lost.
> How can I run a long time job on linux in screen without tokens get
> lost?

Are tickets/tokens being destroyed as part of logging off? (Either in
the shell logout scripts, or perhaps something in PAM.) Does the screen
session have a PAG?

I usually either temporarily disable destroying credentials on logoff,
or acquire a new PAG and change KRB5CCNAME before creating a screen

Andrew Deason