arla , krb and ntp

Harald Barth haba at pdc.kth.se
Tue Mar 28 19:56:32 CEST 2000 



> What shall I writte to get klog for all my users into cern.ch
> desy.de and rhic on the same computer ?

That should be possible by first getting tickets for realm A and
then tokens for cell a and then the same for realm B and cell b. I
used kinit and afslog. Don't know how to do that with klog. See below.

> The second question is : if one user has a ticket on one computer to
> cern.ch (for ex) and submittes a job using LSF or PVM

If you are lucky your batch system takes care of that. At PDC our
Argonne derived EASY batch system does that for our users. The batch
system can decide if it forwards tickets or tokens. Forwarding tickets
or tokens in a secure way is something that has to be thought about
more than once. (TFTP for example is not good ;-)

> The third question is what happens if the time for a job exeedes the
> time of the ticket ?

Your users get unhappy. You have to tell your users more than once
that they should get _long_ tickets and you may test that the tickets
have reasonable lifetime in the submit script.

Harald.

PS: 
puffin:~$ kinit haba at STACKEN.KTH.SE
eBones International (puffin.pdc.kth.se)
Kerberos Initialization for "haba at STACKEN.KTH.SE"
Password: 
puffin:~$ klist -T
Ticket file:    /tmp/tkt22421_516887132
Principal:      haba at STACKEN.KTH.SE

  Issued           Expires          Principal
Mar 28 19:22:00  Mar 29 05:22:00  krbtgt.STACKEN.KTH.SE at STACKEN.KTH.SE

AFS tokens:
puffin:~$ afslog -c stacken.kth.se 
puffin:~$ klist -T
Ticket file:    /tmp/tkt22421_516887132
Principal:      haba at STACKEN.KTH.SE

  Issued           Expires          Principal
Mar 28 19:22:00  Mar 29 05:22:00  krbtgt.STACKEN.KTH.SE at STACKEN.KTH.SE
Mar 28 19:22:11  Mar 29 05:22:11  afs at STACKEN.KTH.SE

AFS tokens:
Mar 28 19:22:11  Mar 29 05:22:10  User's (AFS ID 22421) tokens for stacken.kth.se
puffin:~$ kinit d88-hba at E.KTH.SE
eBones International (puffin.pdc.kth.se)
Kerberos Initialization for "d88-hba at E.KTH.SE"
Password: 
puffin:~$ klist -T
Ticket file:    /tmp/tkt22421_516887132
Principal:      d88-hba at E.KTH.SE

  Issued           Expires          Principal
Mar 28 19:22:31  Mar 29 05:22:31  krbtgt.E.KTH.SE at E.KTH.SE

AFS tokens:
Mar 28 19:22:11  Mar 29 05:22:10  User's (AFS ID 22421) tokens for stacken.kth.se
puffin:~$ afslog -c e.kth.se 
puffin:~$ klist -T
Ticket file:    /tmp/tkt22421_516887132
Principal:      d88-hba at E.KTH.SE

  Issued           Expires          Principal
Mar 28 19:22:31  Mar 29 05:22:31  krbtgt.E.KTH.SE at E.KTH.SE
Mar 28 19:22:44  Mar 29 05:22:44  afs at E.KTH.SE

AFS tokens:
Mar 28 19:22:44  Mar 29 05:22:43  User's (AFS ID 22421) tokens for e.kth.se
Mar 28 19:22:11  Mar 29 05:22:10  User's (AFS ID 22421) tokens for stacken.kth.se
puffin:~$ touch /afs/e.kth.se/home/guests/d88-hba/testdir/foo
puffin:~$ touch /afs/stacken.kth.se/home/haba/testdir/foo

More information about the Arla-drinkers mailing list