Automatically Renewing Your Kerberos Ticket
If you are a user who tends to stay logged into a workstation for days at a time it can important to make sure you Kerberos ticket doesn’t expire. If your Kerberos ticket expires, simulations or other programs you are running won’t be able to access/write to data in your home directory or to stashes. Some other programs, like web browsers, also don’t behave properly when they can’t continually write to your homedir and can make your workstation unstable by spawning an excessive number of processes or by having too many pending IO operations to your home directory.
Krenew is a program that can renew your kerberos ticket, either manually once or automatically at some time interval until the ticket reaches the end of its life and can’t be renewed anymore. There are several ways you can use krenew to automatically renew your kerberos ticket, and we’ll give some examples of how to do this by putting krenew into your .bash_profile, and how to make a krenew systemd user service to automatically renew your kerberos ticket.
Starting Krenew In Your .bash_profile Or .bashrc
You can start krenew automatically whenever you log into a linux workstation by adding this script segment to your .bash_profile or .bashrc file. This would probably be good to do if you need to keep long running processes running on multiple workstations.
if klist >/dev/null 2>&1 \ && which krenew > /dev/null \ && ! pgrep -U $USER krenew > /dev/null then krenew -b -K 60 fi
Starting Krenew Using a Systemd User Service
You can make a systemd user service to automatically start/restart krenew. If you have a private workstation that you tend to use this would probably be the most reliable way to keep your kerberos ticket alive.
Defining the krenew systemd user service
To define the krenew systemd user service you’ll need to write this text to a file at ~/.config/systemd/user/krenew.service
[Unit] Description=Automatically renew my kerberos ticket After=autofs.service [Service] ExecStart=/usr/bin/krenew -K 60 -v Restart=always [Install] WantedBy=multi-user.target
Enabling and starting the krenew systemd user service
To actually enable and run the krenew systemd user service you’ll need to run the following commands in a terminal:
systemctl --user daemon-reload systemctl --user enable krenew.service systemctl --user start krenew.service systemctl --user status krenew.service
If this is successful the output of the last command should look something like:
krenew.service - Automatically renew my kerberos ticket Loaded: loaded (/u/user/.config/systemd/user/krenew.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-08-09 16:38:25 PDT; 2min 32s ago Main PID: 5392 (krenew) CGroup: /email@example.com/krenew.service └─5392 /usr/bin/krenew -K 60 -v Aug 09 16:38:25 rita systemd: Started Automatically renew my kerberos ticket. Aug 09 16:38:25 rita krenew: krenew: renewing credentials for user@CECS.PDX.EDU
Other Ways to use Krenew
The krenew man pages shows various other ways that you can use krenew too. If the above options don’t work for you, it would be worth reading through the man pages.