Automatically Renewing Your Kerberos Ticket

If you are a user who tends to stay logged into a workstation for days at a time it can important to make sure you Kerberos ticket doesn’t expire. If your Kerberos ticket expires, simulations or other programs you are running won’t be able to access/write to data in your home directory or to stashes. Some other programs, like web browsers, also don’t behave properly when they can’t continually write to your homedir and can make your workstation unstable by spawning an excessive number of processes or by having too many pending IO operations to your home directory.

Krenew is a program that can renew your kerberos ticket, either manually once or automatically at some time interval until the ticket reaches the end of its life and can’t be renewed anymore. There are several ways you can use krenew to automatically renew your kerberos ticket, and we’ll give some examples of how to do this by putting krenew into your .bash_profile, and how to make a krenew systemd user service to automatically renew your kerberos ticket.

Starting Krenew In Your .bash_profile Or .bashrc

You can start krenew automatically whenever you log into a linux workstation by adding this script segment to your .bash_profile or .bashrc file. This would probably be good to do if you need to keep long running processes running on multiple workstations.

if klist >/dev/null 2>&1 \                                                                                                                                                             
       && which krenew > /dev/null \                                                                                                                                                  
       && ! pgrep -U $USER krenew > /dev/null                                                                                                                                         
   krenew -b -K 60                                                                                                                                                                    

Starting Krenew Using a Systemd User Service

You can make a systemd user service to automatically start/restart krenew. If you have a private workstation that you tend to use this would probably be the most reliable way to keep your kerberos ticket alive.

Defining the krenew systemd user service

To define the krenew systemd user service you’ll need to write this text to a file at ~/.config/systemd/user/krenew.service

Description=Automatically renew my kerberos ticket

ExecStart=/usr/bin/krenew -K 60 -v


Enabling and starting the krenew systemd user service

To actually enable and run the krenew systemd user service you’ll need to run the following commands in a terminal:

systemctl --user daemon-reload
systemctl --user enable krenew.service
systemctl --user start krenew.service
systemctl --user status krenew.service

If this is successful the output of the last command should look something like:

  • krenew.service - Automatically renew my kerberos ticket
    Loaded: loaded (/u/user/.config/systemd/user/krenew.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2018-08-09 16:38:25 PDT; 2min 32s ago
    Main PID: 5392 (krenew)
      CGroup: /user.slice/user-9999.slice/user@9999.service/krenew.service
           └─5392 /usr/bin/krenew -K 60 -v
    Aug 09 16:38:25 rita systemd[2582]: Started Automatically renew my kerberos ticket.
    Aug 09 16:38:25 rita krenew[5392]: krenew: renewing credentials for user@CECS.PDX.EDU

Other Ways to use Krenew

The krenew man pages shows various other ways that you can use krenew too. If the above options don’t work for you, it would be worth reading through the man pages.