Kerberos ticket expired: Difference between revisions

Your home directory is secured using -what is called- kerberos tickets. As long as you have such a ticket you have access to your home directory. When the ticket is deleted, lost or expired you lose access to your home directory (and project directory/directories)

You get such a ticket:

• automatically when you login with your password (as opposed to e.g. with SSH public key)
• automatically when you unlock your screen using your password
• when you explicitly enter the kinit command (it will prompt for your password)

These tickets expire after 12 hours. But the validity can be extended *without* re-entering your password up to max 1 week.

When you login on an LWP, extending validity of the ticket happens automatically to one week.

So, in order to have uninterrupted access to your home directory, you need to either:

• Run the kinit command every week (or every day or so if that's more convenient)
• Make sure you unlock your screen at least once a week, e.g. by configuring automatic screen locking.

Advanced commands:

klist

Shows kerberos ticket information

kadvice

Shows verbose kerberos ticket information, including advice on e.g. SSH command line option to use for maximum ticket validity.

If you use SSH from within the university network to access an LWP, it is possible to authenticate without providing your password (e.g. by using public key authentication or even a kerberos ticket). That is were it gets more complicated. In those cases please run the kadvice script mentioned above to get some advice on the optimal SSH command line options to use.