It has been reported a couple of times (first time from @nshahquinn-wmf) that on notebooks sometimes the Kerberos credential cache does not last 24h but way less. At the time I remember checking with Neil the output of klist on a regular ssh shell and on the notebook terminal, and the results were different.
The kerberos credential cache is stored under /tmp, and if I have to guess the PrivateTmp Systemd setting that each notebook's unit gets might be the culprit.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | odimitrijevic | T240437 Analytics Ops Technical Debt | |||
| Duplicate | elukey | T247084 Kerberos credential cache expiry time on notebook is different than the OS one |
With PrivateTmp the the named-spaced /tmp gets removed when the correspondent service units terminates. As such, every restart of Jupyter will affect it.
An alternative might be to create the per-user Kerberos credential cache in /run/user/UID; that gets restricted permission-wise, is part of the user's session and Juypter restarts no longer interfere with Kerberos.