This document describes how to use cron and other non-interactive systems to run programs on computers using AFS in Stanford Computer Science Department. Some familiarity with AFS is assumed.
One of the advantages of using AFS is that it offers strong protection for files by requiring Kerberos authentication and access-control list permissions in order to access files. The downside to this strong security is that it is more difficult to run programs that do not interact with anyone, such as daemons, mail delivery agents, and cron jobs.
In particular, cron jobs present a problem because, ideally, they require no system administrator intervention in order to work. Each user should be able to create cron jobs as they see fit.
The solution that the Computer Science Department offers is called akcron. Using this command, you create an avatar, or alternate identity, for your CS ID and run unattended jobs using that identity.
<user>.cron, where <user> is your normal CS ID.
Initializing
The first time you run akcron, you must create your special CSID/cron principal. To do this, run akcron -i on any CS machine (e.g. xenon). You only need to do this once.
The system on which you wish to run cron jobs must be enabled to do so. To check that, run akcron -c tokens as a test. If you get an error message that looks like this:
kinit(v5): Client not found in Kerberos database while getting initial credentials Could not obtain kerberos ticket for cron/xenon.stanford.edu: 256 at /afs/cs/software/bin/akcron line 187.
then please email action@cs and ask that the host you are using be enabled for akcron.
Since akcron will execute as a special user, you must grant AFS permissions to this user for directories in AFS that you want the program to access. For example, if your cron job will read a file from your home directory, you must grant read permissions on it:
fs sa ~ <CSID>.cron read
where <CSID> is your CSID. Similar steps must be taken for other directories and different permissions (e.g., write).
Usage
To run a command using akcron, use the -c or -e flag. For example, a cron job to run the program foo should execute
akcron -c 'foo'
