Commit 0e25bd0b authored by Domenico Giordano's avatar Domenico Giordano
Browse files

fix kerberos procedure

parent f6783ef9
......@@ -180,18 +180,18 @@ function install_all(){
kinit -c \${KRB5CCNAME} srvdaana@CERN.CH #srvdaana can be changed with another user
2.1 In order to renew the Kerberos ticket follow this procedure
2.1 In order to renew the Kerberos ticket follow this procedure, on the VM
source ${CONTROL_AD_DIR}/
cd dir_where_ACCOUNT.kt_is (*)
cd <dir where the file ACCOUNT.kt is located into the VM> (*)
kinit -k -t ACCOUNT.kt -c \$KRB5CCNAME srvdaana@CERN.CH
export KINIT_PROG=eosfusebind
k5start -f \`pwd\`/ACCOUNT.kt -L -K 30 -k \${KRB5CCNAME} -b -U -t
ps -f --pid \`pgrep k5start\`
# eosfusebind needs to be renewed (using cron to workaround this)
line=\"* * * * * (date; export KRB5CCNAME=\$KRB5CCNAME ;klist; eosfusebind; ls /eos/) &> /tmp/cron_eosfusebind.txt\"
(crontab -l; echo "$line" ) | crontab -
(crontab -l; echo \"\$line\" ) | crontab -
crontab -l
(*) where the keytab ACCOUNT.kt is generated on lxplus via
......@@ -199,6 +199,7 @@ function install_all(){
cern-get-keytab --keytab private/ACCOUNT.kt --user --login ACCOUNT
as documented in
and then transferred (i.e. scp ) into the VM
3. Before starting the docker-compose of Anomaly Detection System
You may want to change dummy passwords in ${CONTROL_AD_DIR}/
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment