I assume that the reason that SSHd creates the sshd credential cache
in /tmp/krb5cc_<uid>_<randomchars> is so that an ssh session will
not share the same credential cache with, say, a local workstation
login.

In addition, if the user wants to run a really long job, and that
job will run for longer than 7 days, I can instruct the user to
create a keytab file, then pass that to kinit periodically via cron,
but I'll have the same problem -- they would have to specify the
full path to their credential cache because kinit would otherwise
assume the default location of /tmp/krb5cc_<uid>.

Let's assume that the user won't be logging into the local
workstation and will only connect via SSH. Would it be reasonable
for me to manually copy /tmp/krb5cc_<uid>_<randomchars> to
/tmp/krb5cc_<uid> when required, then change KRB5CCNAME to point to
/tmp/krb5cc_<uid> instead of /tmp/krb5cc_<uid>_<randomchars> so that
things just work? This way, sshd can delete its cache as required
on logout, and the user can continue to easily run their compute job
(albeit being careful about local workstation login versus remote
ssh login to the same machine).

I know there are other mechanisms for credential cache. In my case,
those won't work on my current installation.
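
The copy step described in the post, as an added example that is not part of the original message: it copies a FILE: cache to a stable path while refusing symlinks and files owned by someone else, since /tmp/krb5cc_<uid> is a predictable name in a shared directory. The function names, the cron schedule and the bracketed placeholders are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Turn a KRB5CCNAME value into a file path; only FILE: caches are plain files.
ccache_path() {
    case "$1" in
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        /*)     printf '%s\n' "$1" ;;
        *)      return 1 ;;   # KEYRING:, DIR:, KCM: ... cannot be copied as files
    esac
}

# promote_ccache SRC_CCNAME DEST_PATH
# Copies the sshd-created cache to a stable path and prints the new KRB5CCNAME.
promote_ccache() {
    src=$(ccache_path "$1") || { echo "not a FILE: ccache: $1" >&2; return 1; }
    dest=$2
    # Source must be a regular file we own, not a symlink.
    if [ ! -f "$src" ] || [ -L "$src" ] || [ ! -O "$src" ]; then
        echo "refusing source $src" >&2; return 1
    fi
    # /tmp/krb5cc_<uid> is a predictable name: never write through a symlink
    # or over a file another user created there first.
    if [ -L "$dest" ] || { [ -e "$dest" ] && [ ! -O "$dest" ]; }; then
        echo "refusing destination $dest" >&2; return 1
    fi
    # mktemp creates the file with mode 0600; mv then renames it over dest.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if cat "$src" > "$tmp" && mv -f "$tmp" "$dest"; then
        printf 'FILE:%s\n' "$dest"
    else
        rm -f "$tmp"; return 1
    fi
}

# In the SSH session:
#   KRB5CCNAME=$(promote_ccache "$KRB5CCNAME" "/tmp/krb5cc_$(id -u)") && export KRB5CCNAME
# Cron renewal from a keytab, naming the cache explicitly (placeholders in <>,
# schedule constructed for illustration):
#   0 */6 * * * kinit -k -t <keytab-path> -c /tmp/krb5cc_<uid> <principal>
```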