-
This site is deprecated and will be decommissioned shortly. For current information regarding HPC visit our new site: hpc.njit.edu
Difference between pages "UserTools" and "UsingKrenew"
(Importing text file) |
(Importing text file) |
||
| Line 1: | Line 1: | ||
| − | + | When a user logs into an AFS client, the user gets a "Kerberos ticket". The AFS token is generated from the Kerberos ticket. You can see this by | |
| − | + | logging into any AFS client and running the command 'klist.' | |
| − | + | ||
| − | + | ||
| − | < | + | <pre code> |
| + | somehost-57 user123>: klist | ||
| + | Ticket cache: FILE:/tmp/krb5cc_98765_1Ul1SV | ||
| + | Default principal: user123@NJIT.EDU | ||
| − | + | Valid starting Expires Service principal | |
| + | 02/27/14 11:44:23 02/27/14 19:44:24 krbtgt/NJIT.EDU@NJIT.EDU | ||
| + | renew until 03/29/14 12:44:23 | ||
| + | 02/27/14 11:44:23 02/27/14 19:44:24 afs/cad.njit.edu@NJIT.EDU | ||
| + | renew until 03/29/14 12:44:23 | ||
| + | </pre> | ||
| + | |||
| + | To see the tokens : | ||
| + | |||
| + | <pre code> | ||
| + | somehost-58 user123>: tokens | ||
| + | |||
| + | Tokens held by the Cache Manager: | ||
| + | |||
| + | User's (AFS ID 98765) tokens for afs@cad.njit.edu [Expires Feb 27 19:44] | ||
| + | --End of list-- | ||
| + | </pre> | ||
| + | |||
| + | Note that in the above case, the user logged in at 11:44 the ticket and | ||
| + | token expires eight hours later, at 19:44. Also note that the ticket is | ||
| + | renewable until the end of March. | ||
| + | |||
| + | The command to automatically renew the Kerberos ticket and AFS token is : | ||
| + | |||
| + | <pre code> | ||
| + | krenew -b -t -K 60 | ||
| + | |||
| + | -b : run the background | ||
| + | -t : run aklog to get the AFS token after the ticket is renewed | ||
| + | -K 60 : check every 60 minutes and see if the ticket needs to be renewed | ||
| + | </pre> | ||
| + | |||
| + | Using krenew as above is useful in circumstances such as the following: | ||
| + | |||
| + | * Maintain login credentials on a personal workstation | ||
| + | * Maintain a VNC or screen session | ||
| + | |||
| + | Alternatively, krenew can take a command as an argument. In this case | ||
| + | krenew maintains credentials specific to the command. For example, to | ||
| + | run sftp with krenew : | ||
| + | |||
| + | <pre code> | ||
| + | krenew -t -K 60 /usr/bin/sftp | ||
| + | </pre> | ||
| + | |||
| + | To run a long running compute job in the background where the output is | ||
| + | directed to a file, the argument to krenew needs to be a shell followed | ||
| + | by the command : | ||
| + | |||
| + | <pre code> | ||
| + | krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/cad/.../output.file' | ||
| + | </pre> | ||
| + | |||
| + | [[Category:Running Jobs]] | ||
Latest revision as of 16:36, 5 October 2020
When a user logs into an AFS client, the user gets a "Kerberos ticket". The AFS token is generated from the Kerberos ticket. You can see this by logging into any AFS client and running the command 'klist.'
somehost-57 user123>: klist Ticket cache: FILE:/tmp/krb5cc_98765_1Ul1SV Default principal: user123@NJIT.EDU Valid starting Expires Service principal 02/27/14 11:44:23 02/27/14 19:44:24 krbtgt/NJIT.EDU@NJIT.EDU renew until 03/29/14 12:44:23 02/27/14 11:44:23 02/27/14 19:44:24 afs/cad.njit.edu@NJIT.EDU renew until 03/29/14 12:44:23
To see the tokens :
somehost-58 user123>: tokens Tokens held by the Cache Manager: User's (AFS ID 98765) tokens for afs@cad.njit.edu [Expires Feb 27 19:44] --End of list--
Note that in the above case, the user logged in at 11:44 the ticket and token expires eight hours later, at 19:44. Also note that the ticket is renewable until the end of March.
The command to automatically renew the Kerberos ticket and AFS token is :
krenew -b -t -K 60 -b : run the background -t : run aklog to get the AFS token after the ticket is renewed -K 60 : check every 60 minutes and see if the ticket needs to be renewed
Using krenew as above is useful in circumstances such as the following:
- Maintain login credentials on a personal workstation
- Maintain a VNC or screen session
Alternatively, krenew can take a command as an argument. In this case krenew maintains credentials specific to the command. For example, to run sftp with krenew :
krenew -t -K 60 /usr/bin/sftp
To run a long running compute job in the background where the output is directed to a file, the argument to krenew needs to be a shell followed by the command :
krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/cad/.../output.file'
