|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
MIME-Version: 1.0 In-Reply-To: <201507300206.t6U26f59002987@hedwig.cmf.nrl.navy.mil> From: Todd Grayson <tgrayson@cloudera.com> Date: Wed, 29 Jul 2015 20:15:09 -0600 Message-ID: <CALNT6MU5sof5w=DPu2yMFw1fd74KwtG9bknHafOY8ypRQLWVnA@mail.gmail.com> To: Ken Hornstein <kenh@cmf.nrl.navy.mil> Cc: kerberos@mit.edu Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: kerberos-bounces@mit.edu Actually the krbtgt got generated without a renewable life value (was at 0), missed this during the troubleshooting, so nothing other than the need to express renew lifetime properly in the configuration. Thanks tho for the feedback. On Wed, Jul 29, 2015 at 8:06 PM, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote: > >Is there any general wisdom out there about mixed KDC/Client versions? > Are > >there concerns around allowing environments drift to where a KDC would be > >on a later release than the clients? > > FWIW, we run a whole bunch of crazy versions of Kerberos, and generally > there is not an interoperability problem; the protocol is pretty well > specified and in general everything works fine at that level. > > >There seems to be a change in default behavior in the 1.12+ where > renewable > >tickets must be specifically requested (RHEL 7 is including the 1.12 as > the > >tested krb release in platform). > > This is more of a problem, but I don't consider this an interoperability > issue. > > --Ken > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Todd Grayson Customer Operations Engineering ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |