[37158] in Kerberos


Re: kerberos ticket cache

daemon@ATHENA.MIT.EDU (Simo Sorce)
Fri Jul 17 09:13:29 2015

Date: Fri, 17 Jul 2015 09:13:13 -0400 (EDT)
From: Simo Sorce <simo@redhat.com>
To: John Devitofranceschi <jdvf@optonline.net>
Message-ID: <1756431942.19061285.1437138793784.JavaMail.zimbra@redhat.com>
In-Reply-To: <3BD78EDD-91A5-45A0-8DBA-04936CC157A6@optonline.net>
Cc: Simo Sorce <simo@redhat.com>, kerberos@mit.edu

----- Original Message -----
> From: "John Devitofranceschi" <jdvf@optonline.net>
> To: kerberos@mit.edu
> Cc: "Simo Sorce" <simo@redhat.com>
> Sent: Friday, July 17, 2015 6:52:01 AM
> Subject: Re: kerberos ticket cache
> 
> 
> > On Jul 10, 2015, at 10:06 AM, Simo Sorce <simo@redhat.com> wrote:
> > 
> > 
> > The same is true for Kerberized NFS in Linux: the session keys are stored in
> > the kernel and there is currently no way to revoke them; however, once
> > the session is destroyed the kernel will not be able to recreate it.
> > 
> 
> How long does it take for the stored session keys to expire after the ccache
> is destroyed? Is it based on ticket lifetime?

Yes, the "endtime" of the established context is passed down to the kernel, and
it will be used to check when the context expires. When it does, the kernel returns
an "Expired Context" error.

Simo.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
