Linux でのシームレスな Kerberos 接続

k5start -f <KEYTABFILE> -K <minutes> -l <time> [-u <PRINCIPAL>]
[-v]
You can add this command in the corn job and make sure that the kerberos token is always
alive.

c. k5start -f <KEYTABFILE> -K <minutes> -l <time> [-u <PRINCIPAL>] [-v]
-f keytab
Authenticate using the keytab rather than asking for a password. A key for the client principal must be present in keytab.

-K minutes
Run in daemon mode to keep a ticket alive indefinitely. The program reawakens after minutes minutes, checks if the ticket will expire before or less than two minutes after the next scheduled check, and gets a new ticket if needed. If this option is not given but a command was given on the command line, an interval appropriate for the ticket lifetime will be used.

-l time string
Set the ticket lifetime. time string should be in a format recognized by the Kerberos libraries for specifying times, such as "10h" (ten hours) or "10m" (ten minutes). Known units are "s", "m", "h", and "d"

-v
Be verbose. This will print out a bit of additional information about what is being attempted and what the results are.

For example:
k5start -f <FilePath>/impala.keytab -K 1 -l 3m impala/quickstart.cloudera@CLOUDERA
k5start -f <FilePath>/impala.keytab -K 1 -l 3m impala/quickstart.cloudera@CLOUDERA -v

 kinit -k -t <keytab_filename> <principal>
Refer https://linux.die.net/man/1/kinit .
-k [-t keytab_file]