LinuxSupportFAQForm | |
---|---|
SupportProblem | kinit, klog, klog.krb clarification - what to use on SLC? |
SupportAnswer |
As part of the ongoing migration from Kerberos4 to Kerberos5, users are asked to no longer run the klog command, and instead use kinit . This is typically only required to get fresh credentials in a long-running session (new sessions that authenticate the user with a password should generally start with fresh credentials anyway).
Using klog is deprecated and should be avoided, unless under very specific circumstances where only an AFS token is desired.
BackgroundOriginally, each of the commands had one specific functionality:
kinit (from /usr/sue/bin, which usually comes very early in the PATH) actually is a shell script that invokes (MIT) kinit and afs5log - this provides Kerberos5+4+AFS credentials in one go. A similar shell for klog script now gives a warning.
It has been suggested to instead have klog invoke kinit , to hide this transition from the users. We feel that the technical difference should rather be exposed, especially since kinit has interesting other options (it can for example "renew" an existing credential without asking for a password, this is not available with klog ). This way, we expect users to better understand the underlying details, which allows us to troubleshoot issues much quicker.
|
OsVersion | all |
HardwareArchitecture | any |
ApprovedBySupport | SupportApproved |