Running long jobs while away from your Centrally Managed Ubuntu desktop

Symptom: Access from your PC to any network disk will by default expire either after you log out or after a month of not using the computer while logged in, whichever is sooner.
Solution: If you want to run a long job, the guarenteed way to prevent the disk access expiring is to use the longjob script that I designed for that purpose. It should be run within a screen session so that it can continue to run once you log out. The longjob takes as arguments the length of job (in days) and then the rest of the arguments are the job/script to run and the arguments to that script. e.g.:


screen -S mylongjob
##Inside screen
longjob 66 sleep $(( 24 * 3600 * 66 )); echo my long job can still write to the disk after 66 days > $HOME/longjob

##detatch from screen with "ctrl+A" "D"

The longjob can run for up to a month by renewing your credentials and will not need a password in that case. If longer is required it will ask for your password.

Description and gory details:
The kerberos ticket used to authenticate with the network disks will expire if the user logs out. Running in a screen sessions does not prevent expiry by default. The longjob script decides on the minimum possible credential storage to run a job of the specified length. Should the job be long enough that the 'krenew' command will not be able to keep the kerberos ticket alive for long enough, then a password is required in order to generate a new ticket on demand. A keytab file derived from your password (i.e. not in plain text) stored in a in a temporary file that is private to you is all that is needed, the plain text password is not stored but only used to generate the keytab. However, since the keytab is enough to authenticate you to any services using kerberos in the department (which is a lot), it should be protected. For more infomation on the storage mechanism look up "kerberos keytab file" on google.

Categories: Linux | central linux | kinit | krenew | linuxts | nfs | tplinux