[37196] in Kerberos
Re: Unable to create renewable ticket when we switched to a 1.12 KDC
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Aug 21 15:24:46 2015
From: Russ Allbery <eagle@eyrie.org>
To: Ishaan Joshi <ishaan@cloudera.com>
In-Reply-To: <CAPACEZCCrru7BywDMLH6mUK3H8YNjG5EqTRJjhYUH2UW81QTog@mail.gmail.com>
(Ishaan Joshi's message of "Fri, 21 Aug 2015 11:51:53 -0700")
Date: Fri, 21 Aug 2015 12:24:23 -0700
Message-ID: <87lhd41m3c.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Ishaan Joshi <ishaan@cloudera.com> writes:
> Our earlier behaviour was to issue the following kinit to periodically
> renew our daemon's ticket: "kinit -r <time_string> -k -t <keytab>
> <service_name>". The time_string was hard coded to a day. The renewal time
> was controlled by another option that was passed in.
This isn't directly related to the problem that you're having, but you may
want to take a look at:
http://www.eyrie.org/~eagle/software/kstart/
which was designed to do exactly this. It may save you some duplicate
effort.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
