reana-auth-krb5
provides a container image for creating and
renewing Kerberos tokens. The container image includes no additional
logic or libraries, just the bare minimum to support the Kerberos
operations.
reana-auth-krb5
was developed for use in the REANA reusable research data analysis platform.
The reana-auth-krb5
image is used internally in the REANA platform
to refres the Kerberos token for long running jobs. The end users can
ask for Kubernetes authentication by means of declaring kerberos:
true
, more information here.
If you want to try it locally, a Kerberos token can be obtained via:
$ docker run -i -t --rm docker.io/reanahub/reana-auth-krb5:1.0.1 /bin/bash > kinit -k -t /path/to/keytab_file [email protected] > klist
Running the reana-auth-krb5
and successfully obtaining a shared
token on a sidecar container requires additional information and
inputs:
- Kerberos cache
location to be shared, configured through the
KRB5CCNAME
environment variable - Kerberos configuration
at
/etc/krb5.conf
(overridable)
Version 1.0.1 (2020-08-12)
- Add CERN Kerberos configuration.
Version 1.0.0 (2020-08-05)
- Initial release
If you would like to contribute to reana-auth-krb5
development,
you can take advantage of the provided Makefile
:
$ make build # build a new version of the container image $ make test # test the built image $ make push # push it to Docker Hub
For more information about REANA reusable research data analysis platform, please see its documentation.
The list of contributors in alphabetical order: