[OpenAFS] Tokens and screen under linux

Anders Magnusson ragge@ltu.se
Mon, 06 Jul 2009 18:22:59 +0200


Lars Schimmer wrote:
> Hi!
>
> One of our users try to run a job longer than usual tokens runtime.
> Keeping a ssh open for that long time is not wanted.
> We use a Win 2003 AD server as a krb5 KDC and krenew just hits
> "krenew: error renewing credentials: KDC can't fulfill requested option=
".
> And if I login as user, hit a screen command, the screen process has
> ticket/tokens like login user. I can detach and reattach screen like
> usual. But if I detach screen and logoff, ticket/tokens for the running
> screen are lost.
>
> How can I run a long time job on linux in screen without tokens get los=
t?
I would do something like

% kinit -t /path/to/my/secret/keytab tcsh

This depends on Heimdal kinit, but it will keep your tickets and tokens
up-to-date as long as you are not exiting the started tcsh.  It also give=
s
you a new credential cache and a new PAG, so it will work even if the
parent PAG or credential cache gets destroyed.

-- Ragge



> Debian amd64 system
> OpenAFS 1.4.10+dfsg1-1~bpo50+1
> libkrb53 1.6.dfsg.4~beta1-5lenny1
>
>
> MfG,
> Lars Schimmer
> --
> -------------------------------------------------------------
> TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
> Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>