This website is no longer maintained. Its content may be obsolete. Please visit http://home.cern/ for current CERN information.
Francisco Lozano CN/DCI
AFS users are faced with the problem of expiring tokens when they leave jobs running for longer than one day. To solve this two new tools are now available for all supported UNIX platforms.
reauth is a utility that renews the AFS tokens at fixed intervals in time. It is a way for long-running programs to renew their AFS authentication without direct user intervention. The reauth program never terminates and can only be killed manually or by rebooting the workstation. Exiting the session is not enough to kill reauth . For this reason, the recommended command is 'aexec' (see below). The command reauth has the following syntax:
reauth <time> <principal> [<password>]
where:
<time> is the time in seconds between reauthentications <principal> is the name of the user <password> is the user's password. If a password is not specified on the command line, it is read from the terminal
aexec is a utility that uses reauth to keep on refreshing the AFS token of a job and thus allows it to run for longer than the AFS token lifetime (normally 25 hours). It has the syntax:
aexec <time> [-p <file>] [-bg] <command> [[params]...]
where:
<time> is the time in seconds between reauthentications -p <file> allows the user to specify the password in a local file (applicable only in special cases) -bg execute the target <command> in the background <command> [[params]...] program to be run with never-ending AFS token
Warning: Running reauth can entail security problems. If reauth is run with the password in the command line, a simple ps command could expose the password to another user. Thus, passwords should only be entered when prompted.
These tools should not be used for the sole purpose of avoiding to have to type commands to get the AFS token. Users are encouraged to use klog whenever possible.
Both utilities reside in /usr/local/bin .
For more details see the man pages for these commands.