forked from Controls/gitea-pages
how to check Kerberos state
This commit is contained in:
@@ -15,6 +15,7 @@ parts:
|
||||
- file: user-guide/ssh_host_key_certificates
|
||||
- file: user-guide/ssh_client_config
|
||||
- file: user-guide/firefox_profile_per_host
|
||||
- file: user-guide/kerberos_lifetime
|
||||
- file: user-guide/putty
|
||||
|
||||
- caption: Admin Guide
|
||||
|
||||
@@ -19,4 +19,5 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L
|
||||
- SSH asks to accept key on unknown host -> [SSH Host Key Certificates](ssh_host_key_certificates)
|
||||
- [SSH Client Configuration](ssh_client_config)
|
||||
- Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host)
|
||||
- [Kerberos for Long Running Programs/Simulations/Shell Sessions](kerberos_lifetime)
|
||||
- AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty)
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
# Kerberos for Long Running Programs/Simulations/Shell Sessions
|
||||
|
||||
Kerberos tickets get invalid at some point and after they can not be used for authentication any more. This results in e.g. AFS or ssh refusing access.
|
||||
|
||||
To check when this will be run `klist` and in the output check below `krbtgt/D.PSI.CH@D.PSI.CH` the `renew until` timestamp:
|
||||
|
||||
```
|
||||
Valid starting Expires Service principal
|
||||
17.03.2023 09:25:20 17.03.2023 19:25:03 krbtgt/D.PSI.CH@D.PSI.CH
|
||||
renew until 24.03.2023 09:25:08
|
||||
```
|
||||
|
||||
To seamlessly continue you need to obtain a new Kerberos ticket before by running `kinit`.
|
||||
It will then ask your password and after sucessful authentication there will be a newly acquired Kerberos ticket which will do it again one week.
|
||||
|
||||
Reference in New Issue
Block a user