« Nested LDAP groups and coSign.... | Main | SA Lisa Team Goals *initial list* »

May 30, 2012

Managing Kerberos Credentuals for Xgrid

So, one of the issues we've encountered in the past regarding Xgrid and scripting out job progress and information results from the fact that Xgrid uses LDAP and Kerberos for EVERYTHING, which means you'll a ticket to do anything. We've whipped out a simple script that does this (admittedly, this is a hack, but it works for temporary usage...):
---------------------------------------------------------------
if ( $ARGV[0] eq "-k" || $ARGV[0] eq "--k" )
{

open PASS, "/path/to/encrypted/pass/krb5.pass" or die $!;
while ()

my $cipher = new Crypt::Blowfish "my key";
my $plaintext = $cipher->decrypt($_);
chomp($plaintext);
my $krb5_princ;
Authen::Krb5::init_context();
$krb5_princ = Authen::Krb5::parse_name('pcastuser');

my $krb5_sprinc = Authen::Krb5::sname_to_principal(
"myserver.com",
'xgrid',KRB5_NT_SRV_HST
);
my $cc = Authen::Krb5::cc_default();

Authen::Krb5::get_in_tkt_with_password(
$krb5_princ,
$krb5_sprinc,
$plaintext,$cc
);

}
---------------------------------------------------------------
This allowed us to extract a listing of submitted Xgrid jobs (e.g, Podcast Producer) for MTube migration.

Posted by cdgrieb at May 30, 2012 09:56 AM

Comments

Login to leave a comment. Create a new account.