[36307] in Kerberos


Re: Client keytab ignored when CC has expired

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jul 29 16:58:04 2014

Message-ID: <53D80ACD.7030806@mit.edu>
Date: Tue, 29 Jul 2014 16:57:49 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Michael Osipov <1983-01-06@gmx.net>, Kerberos@mit.edu
In-Reply-To: <53D80930.5010006@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 07/29/2014 04:50 PM, Michael Osipov wrote:
> my application tries to acquire a GSS credential with a client keytab:
> 
> $ KRB_CLIENT_KTNAME=$HOME/client.keytab app

The environment variable is KRB5_CLIENT_KTNAME, not KRB_CLIENT_KTNAME.
Did you use the correct variable name?

> No credential is obtained. At that time, the credential was already 
> expired.

Was the credential acquired using the client keytab via GSSAPI, or by
hand?  The intent is that we refresh credentials obtained using the
client keytab when they are halfway to expired, but that only works if
they were acquired by GSSAPI from the client keytab in the first place.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
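
The variable-name mix-up discussed in this message can be caught with a small environment check. The following is an added example, not part of the original message or of MIT krb5; the function names, the sample environment, and the (non-exhaustive) list of known variable names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag KRB*-prefixed environment variables that are not
# among the names listed below, e.g. KRB_CLIENT_KTNAME instead of
# KRB5_CLIENT_KTNAME.

# Assumption: a non-exhaustive subset of MIT krb5 environment variables.
# A name flagged here may still be legitimate; check the krb5 docs.
KNOWN_KRB5_VARS="KRB5_CONFIG KRB5CCNAME KRB5_KTNAME KRB5_CLIENT_KTNAME KRB5_KDC_PROFILE KRB5_TRACE"

# Reads NAME=value lines on stdin (the output format of `env`) and prints
# every variable name that starts with KRB but is not in the known list.
unknown_krb_vars() {
    while IFS='=' read -r name _value; do
        case "$name" in
            KRB*) ;;            # candidate, check it below
            *) continue ;;      # unrelated variable
        esac
        case " $KNOWN_KRB5_VARS " in
            *" $name "*) ;;     # recognised name
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Succeeds only if the listing on stdin sets KRB5_CLIENT_KTNAME to a
# non-empty value.
client_keytab_configured() {
    grep -q '^KRB5_CLIENT_KTNAME=.'
}

# Constructed sample environment reproducing the command line quoted above.
SAMPLE_ENV='HOME=/home/user
KRB_CLIENT_KTNAME=/home/user/client.keytab
KRB5CCNAME=FILE:/tmp/krb5cc_1000'

# Demonstration on the constructed sample; use `env | unknown_krb_vars`
# to check a real process environment.
printf '%s\n' "$SAMPLE_ENV" | unknown_krb_vars
```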
