[36429] in Kerberos
Re: Man page description of kinit -R
daemon@ATHENA.MIT.EDU (Brett Randall)
Thu Sep 4 12:07:31 2014
MIME-Version: 1.0
In-Reply-To: <CAKnQG+dgT8V0TW6opyoMDCpfZhC-MoFm_6qaC6c1+AuWFkhaOA@mail.gmail.com>
Date: Fri, 5 Sep 2014 00:24:24 +1000
Message-ID: <CALeEUB7cjPXkeBcQOiT1akgN2YHH22Zd-pCLYUowEHJE6PWxaA@mail.gmail.com>
From: Brett Randall <javabrett@gmail.com>
To: Kevin Coffman <kwc@umich.edu>
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 4 September 2014 23:29, Kevin Coffman <kwc@umich.edu> wrote:
> Hi Brett,
> Just a thought. Is the ticket perhaps expired but still within the clock
> skew window?
Good point, but I don't think so. The default (max) clockskew is 5
minutes, so I waited until 10 minutes after my TGT expired - it was
able to be renewed with kinit -R.
>
> K.C.
>
>
> On Wed, Sep 3, 2014 at 8:41 PM, Brett Randall <javabrett@gmail.com> wrote:
>>
>> Hi,
>>
>> krb5-1.10.1 here.
>>
>> My local man page for kinit (as well as
>> http://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html
>> ) has the following description of the kinit -R option:
>>
>> -R: requests renewal of the ticket-granting ticket. Note that an
>> expired ticket cannot be renewed, even if the ticket is still within
>> its renewable life.
>>
>> Does the comment "an expired ticket cannot be renewed" remain true,
>> and if so, can someone help me understand "expired" in this context?
>> If I have a ticket which has an "Expires" date-time (as reported by
>> klist) which is in the past, but a "renew until" date which is in the
>> future, I can successfully renew the ticket using kinit -R. I see
>> this as renewal of an expired, but renewable and
>> within-renewable-period ticket.
>>
>> Is that expected, and is the above comment now a doc-bug?
>>
>> Thanks
>> Brett
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>
> --
>
> Kevin Coffman
> Learning Informatics,
> Enabling Technologies,
> Medical School Information Services Learning Program
> University of Michigan Medical School
> 517 917 0592 (google voice)
> 734 330 4706 (cell)
> kwc@umich.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
