reana-auth-krb5 provides a container image for creating and renewing Kerberos tokens. The container image includes no additional logic or libraries, just the bare minimum to support the Kerberos operations.

reana-auth-krb5 was developed for use in the REANA reusable research data analysis platform.

The reana-auth-krb5 image is used internally in the REANA platform to refres the Kerberos token for long running jobs. The end users can ask for Kubernetes authentication by means of declaring kerberos: true, more information here.

If you want to try it locally, a Kerberos token can be obtained via:

$ docker run -i -t --rm docker.io/reanahub/reana-auth-krb5:1.0.1 /bin/bash
> kinit -k -t /path/to/keytab_file [email protected]
> klist

Running the reana-auth-krb5 and successfully obtaining a shared token on a sidecar container requires additional information and inputs:

• Kerberos cache location to be shared, configured through the KRB5CCNAME environment variable
• Kerberos configuration at /etc/krb5.conf (overridable)

Version 1.0.1 (2020-08-12)

• Add CERN Kerberos configuration.

Version 1.0.0 (2020-08-05)

• Initial release

If you would like to contribute to reana-auth-krb5 development, you can take advantage of the provided Makefile:

$ make build  # build a new version of the container image
$ make test   # test the built image
$ make push   # push it to Docker Hub

For more information about REANA reusable research data analysis platform, please see its documentation.

The list of contributors in alphabetical order:

• Diego Rodriguez
• Tibor Simko