diff --git a/_toc.yml b/_toc.yml index 27c768d0..5eb1d70f 100644 --- a/_toc.yml +++ b/_toc.yml @@ -15,6 +15,7 @@ parts: - file: user-guide/ssh_host_key_certificates - file: user-guide/ssh_client_config - file: user-guide/firefox_profile_per_host + - file: user-guide/kerberos_lifetime - file: user-guide/putty - caption: Admin Guide diff --git a/user-guide/index.md b/user-guide/index.md index 377b2f0f..62f4f2f9 100644 --- a/user-guide/index.md +++ b/user-guide/index.md @@ -19,4 +19,5 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L - SSH asks to accept key on unknown host -> [SSH Host Key Certificates](ssh_host_key_certificates) - [SSH Client Configuration](ssh_client_config) - Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host) +- [Kerberos for Long Running Programs/Simulations/Shell Sessions](kerberos_lifetime) - AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty) diff --git a/user-guide/kerberos_lifetime.md b/user-guide/kerberos_lifetime.md new file mode 100644 index 00000000..96ae5730 --- /dev/null +++ b/user-guide/kerberos_lifetime.md @@ -0,0 +1,15 @@ +# Kerberos for Long Running Programs/Simulations/Shell Sessions + +Kerberos tickets get invalid at some point and after they can not be used for authentication any more. This results in e.g. AFS or ssh refusing access. + +To check when this will be run `klist` and in the output check below `krbtgt/D.PSI.CH@D.PSI.CH` the `renew until` timestamp: + +``` +Valid starting Expires Service principal +17.03.2023 09:25:20 17.03.2023 19:25:03 krbtgt/D.PSI.CH@D.PSI.CH + renew until 24.03.2023 09:25:08 +``` + +To seamlessly continue you need to obtain a new Kerberos ticket before by running `kinit`. +It will then ask your password and after sucessful authentication there will be a newly acquired Kerberos ticket which will do it again one week. +