Embed Size (px)
DESCRIPTION
Renewing Tokens for AFS. Preliminary Notes. Active UMBC (AFS) account exists for the user AFS accounts include access to systems such as gl.umbc.edu and umbc7.umbc.edu Non-AFS accounts include access to systems such as cs.umbc.edu and umbc2.umbc.edu (for which this procedure will NOT work!) - PowerPoint PPT Presentation
Citation preview
Renewing Tokens for AFSRenewing Tokens for AFS
Preliminary NotesPreliminary Notes
Active UMBC (AFS) account exists for the Active UMBC (AFS) account exists for the useruserAFS accounts include access to systems such AFS accounts include access to systems such
as gl.umbc.edu and umbc7.umbc.eduas gl.umbc.edu and umbc7.umbc.eduNon-AFS accounts include access to systems Non-AFS accounts include access to systems
such as cs.umbc.edu and umbc2.umbc.edu such as cs.umbc.edu and umbc2.umbc.edu (for which this procedure will NOT work!)(for which this procedure will NOT work!)
User has been logged on for 24+ hoursUser has been logged on for 24+ hours
TokensTokens
An ID An ID Contains user’s time stampContains user’s time stampContains user’s life timeContains user’s life timeKeeps time records for the duration of a login Keeps time records for the duration of a login
sessionsessionExpires after 24+ hoursExpires after 24+ hours
When Tokens Expire…When Tokens Expire…
To renew tokens:To renew tokens:At the UNIX command line prompt, type:At the UNIX command line prompt, type:
klogklog oror kinitkinit
Where:Where: klogklog - kernel error logging interface - kernel error logging interface kinitkinit - kernel initiation - kernel initiation
In this case, we will use In this case, we will use kinitkinitUser verification will be required via passwordUser verification will be required via password
Executing the CommandExecuting the Command
““Run-away” or Unusual ProcessesRun-away” or Unusual Processes
Make sure that no “run-away” or unusual Make sure that no “run-away” or unusual process exist process exist
This may be resulting in the token This may be resulting in the token expirationsexpirations
To retrieve a list of running processes To retrieve a list of running processes Type the following at the UNIX command Type the following at the UNIX command
prompt:prompt:ps -fu <username> ps -fu <username>
Executing the CommandExecuting the Command
Purposes for Verifying Running Purposes for Verifying Running ProcessesProcesses
To make sure a process has not been left To make sure a process has not been left running by mistakerunning by mistake
To make sure no ‘unusual’ process existsTo make sure no ‘unusual’ process existsMay suggest suspicious activityMay suggest suspicious activityEspecially if user is logged in via ‘Especially if user is logged in via ‘ insecureinsecure’ ’
TELNET!TELNET!
TroubleshootingTroubleshooting
ProblemProblem Possible CausePossible Cause SolutionSolutionThe The kinitkinit command cannot command cannot
be executedbe executed
1.1. The system is The system is confusedconfused
2.2. System is System is experiencing experiencing problems problems
1.1. Kill current session Kill current session and login againand login again
2.2. If user cannot login If user cannot login again… wait… it is again… wait… it is probably the system! probably the system!
User notes User notes excessive or excessive or “unusual” “unusual” processes running processes running in his/her accountin his/her account
1.1. User may have User may have left an old left an old process runningprocess running
2.2. Someone else Someone else may have control may have control of account of account
Contact UNIX consultant to Contact UNIX consultant to help fix the problem/kill help fix the problem/kill
unnecessary processesunnecessary processes
QuestionsQuestions??
