Once you have been authenticated to the Kerberos server, you can automatically pass your Kerberos credentials to other hosts and services. You would then be able to log into other hosts in the cmf.nrl.navy.mil domain without supplying your password again. It is important to avoid sending a cleartext password across any network. If your local machine is not part of the cmf.nrl.navy.mil domain, you are encouraged to use one of our Kerberos kits on your local host (the installation procedure does not require system privileges).
The command KLIST will list your Kerberos tickets. Each ticket has a default expiration time of 25 hours. For long-running jobs see the renewable tickets below.
The command kinit will obtain a Kerberos ticket-granting ticket. The command aklog will use the ticket-granting ticket to obtain an AFS ticket and token.
Note... If possible, run kinit on your local machine to avoid sending your password in cleartext across the network. This is important computer security for both you and our site.
As mentioned previously, Kerberos tickets expire after 25 hours. There are many cases where you wish to run a program that will take longer than 25 hours, but still have credentials to write into AFS space. You can accomplish this by using the krenew program.
To use this program, first get a renewable ticket using the -r option to kinit. The -r option takes as an argument the maximum amount of time you wish to renew the ticket.
You can check the maximum renewable time of your ticket using klist.
Once you have a renewable ticket, run your job using krenew. (Just run the command krewew with your job as the command-line argument.)
krenew will automatically renew your tokens at the appropriate times, making sure that you always have valid Kerberos and AFS credentials.
The maximum amount of time you may renew tickets is seven days. If you wish to run jobs that last longer than seven days, please send your request to the sysadmin mailing list.
You can read the Kerberos User's Guide for more detailed information on how to use Kerberos.
You can see compatible systems for Kerberos here.
You can obtain a Kerberos Kit from the Naval Research Labs here.