Page MenuHomePhabricator
Create Task
Maniphest T247084

Kerberos credential cache expiry time on notebook is different than the OS one
Closed, DuplicatePublic
Actions

Description

It has been reported a couple of times (first time from @nshahquinn-wmf) that on notebooks sometimes the Kerberos credential cache does not last 24h but way less. At the time I remember checking with Neil the output of klist on a regular ssh shell and on the notebook terminal, and the results were different.

The kerberos credential cache is stored under /tmp, and if I have to guess the PrivateTmp Systemd setting that each notebook's unit gets might be the culprit.

Related Objects
Search...

Event Timeline

elukey created this task.Mar 6 2020, 2:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 6 2020, 2:22 PM
MoritzMuehlenhoff subscribed.Mar 6 2020, 2:32 PM

With PrivateTmp the the named-spaced /tmp gets removed when the correspondent service units terminates. As such, every restart of Jupyter will affect it.

An alternative might be to create the per-user Kerberos credential cache in /run/user/UID; that gets restricted permission-wise, is part of the user's session and Juypter restarts no longer interfere with Kerberos.

nshahquinn-wmf awarded a token.Mar 6 2020, 4:20 PM
Milimetric triaged this task as High priority.Mar 9 2020, 4:01 PM
Milimetric moved this task from Incoming to Data Exploration Tools on the Analytics board.
elukey added a parent task: T240437: Analytics Ops Technical Debt.Mar 10 2020, 6:22 PM
elukey closed this task as a duplicate of T255262: Kerberos credential cache location.Dec 9 2020, 1:52 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL