|
|
| Line 1: |
Line 1: |
| − | | + | #REDIRECT [[Getting Started with Serial and Parallel MATLAB on Kong and Stheno]] |
| − | When a user logs into an AFS client, the user gets a "Kerberos ticket". The AFS token is generated from the Kerberos ticket. You can see this by
| + | |
| − | logging into any AFS client and running the command 'klist.'
| + | |
| − | | + | |
| − | <pre code>
| + | |
| − | somehost-57 user123>: klist
| + | |
| − | Ticket cache: FILE:/tmp/krb5cc_98765_1Ul1SV
| + | |
| − | Default principal: user123@NJIT.EDU
| + | |
| − | | + | |
| − | Valid starting Expires Service principal
| + | |
| − | 02/27/14 11:44:23 02/27/14 19:44:24 krbtgt/NJIT.EDU@NJIT.EDU
| + | |
| − | renew until 03/29/14 12:44:23
| + | |
| − | 02/27/14 11:44:23 02/27/14 19:44:24 afs/cad.njit.edu@NJIT.EDU
| + | |
| − | renew until 03/29/14 12:44:23
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | To see the tokens :
| + | |
| − | | + | |
| − | <pre code>
| + | |
| − | somehost-58 user123>: tokens
| + | |
| − | | + | |
| − | Tokens held by the Cache Manager:
| + | |
| − | | + | |
| − | User's (AFS ID 98765) tokens for afs@cad.njit.edu [Expires Feb 27 19:44]
| + | |
| − | --End of list--
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | Note that in the above case, the user logged in at 11:44 the ticket and
| + | |
| − | token expires eight hours later, at 19:44. Also note that the ticket is
| + | |
| − | renewable until the end of March.
| + | |
| − | | + | |
| − | The command to automatically renew the Kerberos ticket and AFS token is :
| + | |
| − | | + | |
| − | <pre code>
| + | |
| − | krenew -b -t -K 60
| + | |
| − | | + | |
| − | -b : run the background
| + | |
| − | -t : run aklog to get the AFS token after the ticket is renewed
| + | |
| − | -K 60 : check every 60 minutes and see if the ticket needs to be renewed
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | Using krenew as above is useful in circumstances such as the following:
| + | |
| − | | + | |
| − | * Maintain login credentials on a personal workstation
| + | |
| − | * Maintain a VNC or screen session
| + | |
| − | | + | |
| − | Alternatively, krenew can take a command as an argument. In this case
| + | |
| − | krenew maintains credentials specific to the command. For example, to
| + | |
| − | run sftp with krenew :
| + | |
| − | | + | |
| − | <pre code>
| + | |
| − | krenew -t -K 60 /usr/bin/sftp
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | To run a long running compute job in the background where the output is
| + | |
| − | directed to a file, the argument to krenew needs to be a shell followed
| + | |
| − | by the command :
| + | |
| − | | + | |
| − | <pre code>
| + | |
| − | krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/cad/.../output.file'
| + | |
| − | </pre>
| + | |
| − | | + | |
| − | [[Category:Running Jobs]]
| + | |
