Strategy to renew TGT - any thoughts?
by Francis Augusto Medeiros-Logeay
Hi,
We have a few machines that joined a FreeIPA instance. We use NFSv4 +
Kerberos to mount home directories.
However, if the user does not log on to the machine for more than 7 days,
and he leaves a job executing that writes to some file on his home
directory, the CPU usage of the machine goes up to the sky and the
machine gets almost unusable.
Is there a good strategy to fetch new TGTs when near expiration? I know
some users generate a keytab (or fetch them using ipa-getkeytab) to
automate a kinit, but I wonder if we could come up with a system-wide
solution that doesn't lead to storing keytabs around.
Any tips for that?
Best,
--
Francis Augusto Medeiros-Logeay
Oslo, Norway