Kerberos ticket expired: Difference between revisions
(Created page with "Your home directory is secured using -what is called- kerberos tickets. As long as you have such a ticket you have access to your home directory. When the ticket is deleted,...") |
No edit summary |
||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:home-directory-faq]] | |||
==== TL;DR ==== | |||
You need to authenticate with your password at least once per week in order to keep access to your home directory. | |||
To do this, run the <code>kinit</code> command explicitly or unlock your screen. | |||
==== Details ==== | |||
Your home directory is secured using -what is called- kerberos tickets. As | Your home directory is secured using -what is called- kerberos tickets. As | ||
long as you have such a ticket you have access to your home directory. When the | long as you have such a ticket you have access to your home directory. When the | ||
| Line 13: | Line 19: | ||
re-entering your password up to max 1 week. | re-entering your password up to max 1 week. | ||
When you login on an LWP, | When you login on an LWP, ticket validity is extended automatically to one week. | ||
automatically to one week. | |||
So, in order to have uninterrupted access to your home directory, you need to either: | So, in order to have uninterrupted access to your home directory, you need to either: | ||
| Line 31: | Line 36: | ||
possible to authenticate without providing your password (e.g. by using public | possible to authenticate without providing your password (e.g. by using public | ||
key authentication or even a kerberos ticket). That is were it gets more | key authentication or even a kerberos ticket). That is were it gets more | ||
complicated. In those cases please run the | complicated. In those cases please run the <code>kadvice</code> script mentioned above to | ||
get some advice on the optimal SSH command line options to use. | get some advice on the optimal SSH command line options to use. | ||
Latest revision as of 11:29, 8 November 2019
TL;DR
You need to authenticate with your password at least once per week in order to keep access to your home directory.
To do this, run the kinit command explicitly or unlock your screen.
Details
Your home directory is secured using -what is called- kerberos tickets. As long as you have such a ticket you have access to your home directory. When the ticket is deleted, lost or expired you lose access to your home directory (and project directory/directories)
You get such a ticket:
- automatically when you login with your password (as opposed to e.g. with SSH public key)
- automatically when you unlock your screen using your password
- when you explicitly enter the
kinitcommand (it will prompt for your password)
These tickets expire after 12 hours. But the validity can be extended *without*
re-entering your password up to max 1 week.
When you login on an LWP, ticket validity is extended automatically to one week.
So, in order to have uninterrupted access to your home directory, you need to either:
- Run the
kinitcommand every week (or every day or so if that's more convenient) - Make sure you unlock your screen at least once a week, e.g. by configuring automatic screen locking.
Advanced commands:
klist- Shows kerberos ticket information
kadvice- Shows verbose kerberos ticket information, including advice on e.g. SSH command line option to use for maximum ticket validity.
If you use SSH from within the university network to access an LWP, it is
possible to authenticate without providing your password (e.g. by using public
key authentication or even a kerberos ticket). That is were it gets more
complicated. In those cases please run the kadvice script mentioned above to
get some advice on the optimal SSH command line options to use.