[30784] in Kerberos
Re: Long-running jobs with renewal of krb5 tickets and AFS tokens
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Mar 2 14:05:09 2009
Date: Mon, 2 Mar 2009 12:54:58 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Jason Edgecombe <jason@rampaginggeek.com>
Message-ID: <20090302185458.GC9992@Sun.COM>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <49AA11BA.3060509@rampaginggeek.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sat, Feb 28, 2009 at 11:40:26PM -0500, Jason Edgecombe wrote:
> I guess setting things for renewable tickets longer than 7 days or
> running the jobs in local disk will be easiest.
>
> We have a 7 day normal/renewable lifetime. What length do other sites have?
I have seen sites use on the order of months for the renewable ticket
lifetime, but still hours for normal ticket lifetime. If you already
use seven days for renew life you might as well double it -- whatever
your threat model is, if you can accept seven days then chances are you
can accept fourteen.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
