reana-auth-krb5
provides a container image for creating and renewing Kerberos tokens.
The container image includes no additional logic or libraries, just the bare minimum to
support the Kerberos operations.
reana-auth-krb5
was developed for use in the REANA reusable
research data analysis platform.
The reana-auth-krb5
image is used internally in the REANA platform to refresh the
Kerberos token for long running jobs. The end users can ask for Kubernetes authentication
by means of declaring kerberos: true
, more information
here.
If you want to try it locally, a Kerberos token can be obtained via:
$ docker run -i -t --rm docker.io/reanahub/reana-auth-krb5:1.0.3 /bin/bash
> kinit -k -t /path/to/keytab_file username@CERN.CH
> klist
Running the reana-auth-krb5
and successfully obtaining a shared token on a sidecar
container requires additional information and inputs:
- Kerberos cache
location to be shared, configured through the
KRB5CCNAME
environment variable - Kerberos configuration
at
/etc/krb5.conf
(overridable)
Version 1.0.3 (2024-04-18)
- Upgrade container base image to Ubuntu 20.04 LTS for consistency with the other REANA cluster components.
Version 1.0.2 (2024-04-17)
- Add new dependency
inotify-tools
that provides theinotifywait
utility that is used by REANA 0.95 to quickly stop the Kerberos sidecar containers when the user jobs finish their execution.
Version 1.0.1 (2020-08-12)
- Add CERN Kerberos configuration.
Version 1.0.0 (2020-08-05)
- Initial release
If you would like to contribute to reana-auth-krb5
development, you can take advantage
of the provided Makefile
:
$ make build # build a new version of the container image
$ make test # test the built image
$ make push # push it to Docker Hub
For more information about REANA reusable research data analysis platform, please see its documentation.