hautreux
commented
2 years ago Thanks for you work on auks.
This is a really nice addition, great job.
I had something similar in mind for a long time, something that I called TGS prefetching. If you generalize your patch a little bit more to define and acquire a list of TGS instead of only the cross-realm ticket, you will also avoid to blast the kdc as well when attempting to access other kerberized services at scale. That may be of some interest :)
This repo is no longer maintained, please go to https://github.com/cea-hpc/auks to find the official version and use that for your PR instead.
If "CrossRealm" is set in the configuration, attempt to retrieve a cross-realm ticket for the given realm before forwarding credentials to AUKSD. This effectively prevents overloading the initial KDC with the job's compute nodes (which will all require to fetch such ticket eventually).
Signed-off-by: Jonathan Calmels jcalmels@nvidia.com