If you are a user who tends to stay logged into a workstation for days at a time it can important to make sure you Kerberos ticket doesn’t expire. If your Kerberos ticket expires, simulations or other programs you are running won’t be able to access/write to data in your home directory or to stashes. Some other programs, like web browsers, also don’t behave properly when they can’t continually write to your homedir and can make your workstation unstable by spawning an excessive number of processes or by having too many pending IO operations to your home directory.

Krenew is a program that can renew your kerberos ticket, either manually once or automatically at some time interval until the ticket reaches the end of its life and can’t be renewed anymore. There are several ways you can use krenew to automatically renew your kerberos ticket, and we’ll give some examples of how to do this by putting krenew into your .bash_profile, and how to make a krenew systemd user service to automatically renew your kerberos ticket.

You can start krenew automatically whenever you log into a linux workstation by adding this script segment to your .bash_profile or .bashrc file. This would probably be good to do if you need to keep long running processes running on multiple workstations.

if klist >/dev/null 2>&1 \                                                                                                                                                             
       && which krenew > /dev/null \                                                                                                                                                  
       && ! pgrep -U $USER krenew > /dev/null                                                                                                                                         
then                                                                                                                                                                                   
   krenew -b -K 60                                                                                                                                                                    
fi

You can make a systemd user service to automatically start/restart krenew. If you have a private workstation that you tend to use this would probably be the most reliable way to keep your kerberos ticket alive.

To define the krenew systemd user service you’ll need to write this text to a file at ~/.config/systemd/user/krenew.service

[Unit]
Description=Automatically renew my kerberos ticket
After=autofs.service

[Service]
ExecStart=/usr/bin/krenew -K 60 -v
Restart=always

[Install]
WantedBy=multi-user.target

To actually enable and run the krenew systemd user service you’ll need to run the following commands in a terminal:

systemctl --user daemon-reload
systemctl --user enable krenew.service
systemctl --user start krenew.service
systemctl --user status krenew.service

If this is successful the output of the last command should look something like:

• krenew.service - Automatically renew my kerberos ticket
  Loaded: loaded (/u/user/.config/systemd/user/krenew.service; enabled; vendor preset: enabled)
  Active: active (running) since Thu 2018-08-09 16:38:25 PDT; 2min 32s ago
  Main PID: 5392 (krenew)
    CGroup: /user.slice/user-9999.slice/user@9999.service/krenew.service
         └─5392 /usr/bin/krenew -K 60 -v
  
  Aug 09 16:38:25 rita systemd[2582]: Started Automatically renew my kerberos ticket.
  Aug 09 16:38:25 rita krenew[5392]: krenew: renewing credentials for user@CECS.PDX.EDU

The krenew man pages shows various other ways that you can use krenew too. If the above options don’t work for you, it would be worth reading through the man pages.