Commit 0e25bd0b authored by Domenico Giordano

fix kerberos procedure

parent f6783ef9
...@@ -180,25 +180,26 @@ function install_all(){ ...@@ -180,25 +180,26 @@ function install_all(){
export KRB5CCNAME export KRB5CCNAME
kinit -c \${KRB5CCNAME} srvdaana@CERN.CH #srvdaana can be changed with another user kinit -c \${KRB5CCNAME} srvdaana@CERN.CH #srvdaana can be changed with another user
2.1 In order to renew the Kerberos ticket follow this procedure 2.1 In order to renew the Kerberos ticket follow this procedure, on the VM
source ${CONTROL_AD_DIR}/secret.sh source ${CONTROL_AD_DIR}/secret.sh
export KRB5CCNAME export KRB5CCNAME
cd dir_where_ACCOUNT.kt_is (*) cd <dir where the file ACCOUNT.kt is located into the VM> (*)
kinit -k -t ACCOUNT.kt -c \$KRB5CCNAME srvdaana@CERN.CH kinit -k -t ACCOUNT.kt -c \$KRB5CCNAME srvdaana@CERN.CH
export KINIT_PROG=eosfusebind export KINIT_PROG=eosfusebind
k5start -f \`pwd\`/ACCOUNT.kt -L -K 30 -k \${KRB5CCNAME} -b -U -t k5start -f \`pwd\`/ACCOUNT.kt -L -K 30 -k \${KRB5CCNAME} -b -U -t
ps -f --pid \`pgrep k5start\` ps -f --pid \`pgrep k5start\`
# eosfusebind needs to be renewed (using cron to workaround this) # eosfusebind needs to be renewed (using cron to workaround this)
line=\"* * * * * (date; export KRB5CCNAME=\$KRB5CCNAME ;klist; eosfusebind; ls /eos/) &> /tmp/cron_eosfusebind.txt\" line=\"* * * * * (date; export KRB5CCNAME=\$KRB5CCNAME ;klist; eosfusebind; ls /eos/) &> /tmp/cron_eosfusebind.txt\"
(crontab -l; echo "$line" ) | crontab - (crontab -l; echo \"\$line\" ) | crontab -
crontab -l crontab -l
(*) where the keytab ACCOUNT.kt is generated on lxplus via (*) where the keytab ACCOUNT.kt is generated on lxplus via
cern-get-keytab --keytab private/ACCOUNT.kt --user --login ACCOUNT cern-get-keytab --keytab private/ACCOUNT.kt --user --login ACCOUNT
as documented in https://cern.service-now.com/kb_view.do?sysparm_article=KB0003405 as documented in https://cern.service-now.com/kb_view.do?sysparm_article=KB0003405
and then transferred (i.e. scp ) into the VM
3. Before starting the docker-compose of Anomaly Detection System 3. Before starting the docker-compose of Anomaly Detection System
You may want to change dummy passwords in ${CONTROL_AD_DIR}/secret.sh You may want to change dummy passwords in ${CONTROL_AD_DIR}/secret.sh
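Review bot: The added line "and then transferred (i.e. scp ) into the VM" at the end of the (*) footnote puts a long-lived keytab on the VM without saying how it should be protected there. As the `kinit -k -t ACCOUNT.kt` step shows, the keytab yields tickets for the account with no password prompt, so anyone who can read the file can authenticate as that account. The step should state that ACCOUNT.kt must be owned by, and readable only by, the user that runs k5start (for example `chmod 600 ACCOUNT.kt`, kept in a directory other users cannot read). "i.e." here should probably be "e.g.". Separately, 2.1 is a renewal procedure that will be repeated, and `(crontab -l; echo \"\$line\" ) | crontab -` appends another identical entry each time it is run; consider filtering out any existing eosfusebind line before appending.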
......