how to check Kerberos state

2023-03-17 09:31:11 +01:00
parent 7b157ea117
commit 2f3308aa4e
3 changed files with 17 additions and 0 deletions
+1
@@ -15,6 +15,7 @@ parts:
- file: user-guide/ssh_host_key_certificates
- file: user-guide/ssh_client_config
- file: user-guide/firefox_profile_per_host
- file: user-guide/kerberos_lifetime
- file: user-guide/putty
- caption: Admin Guide
+1
@@ -19,4 +19,5 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L
- SSH asks to accept key on unknown host -> [SSH Host Key Certificates](ssh_host_key_certificates)
- [SSH Client Configuration](ssh_client_config)
- Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host)
- [Kerberos for Long Running Programs/Simulations/Shell Sessions](kerberos_lifetime)
- AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty)
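Review bot: The new `kerberos_lifetime` entry is listed by page title only, while the Firefox and Putty entries on either side lead with the symptom the user actually sees. Someone whose AFS or ssh access stops working in a long session will scan this list for that symptom, so consider the same form here, for example `AFS or ssh refuses access after a long session -> [Kerberos for Long Running Programs/Simulations/Shell Sessions](kerberos_lifetime)`.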
+15
@@ -0,0 +1,15 @@
# Kerberos for Long Running Programs/Simulations/Shell Sessions
Kerberos tickets get invalid at some point and after they can not be used for authentication any more. This results in e.g. AFS or ssh refusing access.
To check when this will be run `klist` and in the output check below `krbtgt/D.PSI.CH@D.PSI.CH` the `renew until` timestamp:
```
Valid starting Expires Service principal
17.03.2023 09:25:20 17.03.2023 19:25:03 krbtgt/D.PSI.CH@D.PSI.CH
renew until 24.03.2023 09:25:08
```
To seamlessly continue you need to obtain a new Kerberos ticket before by running `kinit`.
It will then ask your password and after sucessful authentication there will be a newly acquired Kerberos ticket which will do it again one week.
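Review bot: The sentence telling the reader to check the `renew until` timestamp never mentions the `Expires` column, which in the sample output is 17.03.2023 19:25:03, almost a week before `renew until`. A ticket stops being accepted at `Expires` unless it is renewed before then, and `renew until` is only the latest time that renewal can reach, so the page should say which of the two timestamps the reader has to act on and whether anything renews the ticket for them in the meantime. The title also promises long running programs and simulations, but the only remedy given is an interactive `kinit` with a password prompt; either describe what an unattended job is expected to do or narrow the title to shell sessions. Wording: "sucessful" should be "successful", "obtain a new Kerberos ticket before by running" is missing its object ("before then"), and "which will do it again one week" would be clearer as "which can again be renewed for one week".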