[37181] in Kerberos
Re: Compatibilty between mixed kerberos release (KDC 1.12 client
daemon@ATHENA.MIT.EDU (Todd Grayson)
Wed Jul 29 22:15:43 2015
MIME-Version: 1.0
In-Reply-To: <201507300206.t6U26f59002987@hedwig.cmf.nrl.navy.mil>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Wed, 29 Jul 2015 20:15:09 -0600
Message-ID: <CALNT6MU5sof5w=DPu2yMFw1fd74KwtG9bknHafOY8ypRQLWVnA@mail.gmail.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Actually the krbtgt got generated without a renewable life value (was at
0), missed this during the troubleshooting, so nothing other than the need
to express renew lifetime properly in the configuration. Thanks tho for
the feedback.
On Wed, Jul 29, 2015 at 8:06 PM, Ken Hornstein <kenh@cmf.nrl.navy.mil>
wrote:
> >Is there any general wisdom out there about mixed KDC/Client versions?
> Are
> >there concerns around allowing environments drift to where a KDC would be
> >on a later release than the clients?
>
> FWIW, we run a whole bunch of crazy versions of Kerberos, and generally
> there is not an interoperability problem; the protocol is pretty well
> specified and in general everything works fine at that level.
>
> >There seems to be a change in default behavior in the 1.12+ where
> renewable
> >tickets must be specifically requested (RHEL 7 is including the 1.12 as
> the
> >tested krb release in platform).
>
> This is more of a problem, but I don't consider this an interoperability
> issue.
>
> --Ken
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Customer Operations Engineering
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos