[37234] in Kerberos
Re: Can't acquire stored impersonated creds from cache
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Sep 21 01:05:26 2015
To: Martin Gee <geemang_2000@yahoo.com>, "kerberos@mit.edu" <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <55FF9006.9050203@mit.edu>
Date: Mon, 21 Sep 2015 01:05:10 -0400
MIME-Version: 1.0
In-Reply-To: <1735614421.543761.1442788180714.JavaMail.yahoo@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 09/20/2015 06:29 PM, Martin Gee wrote:
> On that note, it seems creds / tickets don't refresh either. I'm using
> gss_acquire_cred (to get the TGT). from: Developing with GSSAPI — MIT
> Kerberos Documentation
> <http://web.mit.edu/kerberos/krb5-latest/doc/appdev/gssapi.html>
> "If the krb5 mechanism acquires initial tickets using the default client
> keytab, the resulting tickets will be stored in the default cache or
> collection, and will be refreshed by future calls togss_acquire_cred
> <http://tools.ietf.org/html/rfc2744.html#section-5.2> as they approach
> their expire time."
> Seems the docs describe something that doesn't exist in the the code.
That functionality does exist, if the TGT was initially acquired using
gss_acquire_cred() with a client keytab. If you ran kinit -k by hand to
populate the ccache, those creds will not be automatically refreshed.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
