[35865] in Kerberos
Re: Fwd: Kerberos5 ticket auto renewal
daemon@ATHENA.MIT.EDU (Tomas Kuthan)
Tue Mar 18 08:58:49 2014
Message-ID: <5328420C.1010405@oracle.com>
Date: Tue, 18 Mar 2014 13:54:36 +0100
From: Tomas Kuthan <tomas.kuthan@oracle.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <CA+j=ERrHGtmvUVL8RDQrrC+nso=502=auWWdO-UM1SDNLJb1LQ@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Wendy,
(I can only comment on Solaris)
I suppose, you are referring to automatic renewal of tickets by
ktkt_warnd. ktkt_warn service is enabled by default, but there are
upgrade scenarios, were you can end up with ktkt_warn disabled. Run
'svcs ktkt_warn' to confirm.
If ktkt_warn is up and running, it could also be user-principal
discrepancy. IIRC, ktkt_warn won't register a warning for a principal
that doesn't map to your uid (such as running 'kinit username' as root).
Tomas
On 03/18/14 01:32 PM, Wendy Lin wrote:
> Forwarding it here. What is the default Kerberos5 behaviour? I log in
> with pam_krb or kinit, but the tickets for nfs/ are not renewed. Why?
>
> Wendy
>
> ---------- Forwarded message ----------
> From: Wendy Lin<wendlin1974@gmail.com>
> Date: 18 March 2014 11:05
> Subject: Kerberos5 ticket auto renewal
> To: "developer@lists.illumos.org"<developer@lists.illumos.org>
>
>
> Does Solaris/Illumos/Openindiana Kerberos5 do not renew tickets
> automatically in the default configuration?
>
> I noticed that if I do kinit to authenticate a test user the tickets
> are not renewed automatically after a day. Does anyone know why this
> happens?
>
> Wendy
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
