[35874] in Kerberos
Re: Fwd: Kerberos5 ticket auto renewal
daemon@ATHENA.MIT.EDU (steve)
Tue Mar 18 15:22:07 2014
Message-ID: <1395170503.5684.6.camel@hh16.hh3.site>
From: steve <steve@steve-ss.com>
To: kerberos@mit.edu
Date: Tue, 18 Mar 2014 20:21:43 +0100
In-Reply-To: <CA+j=ERrHGtmvUVL8RDQrrC+nso=502=auWWdO-UM1SDNLJb1LQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, 2014-03-18 at 13:32 +0100, Wendy Lin wrote:
> Forwarding it here. What is the default Kerberos5 behaviour? I log in
> with pam_krb or kinit, but the tickets for nfs/ are not renewed. Why?
>
> Wendy
Hi
Maybe you have not requested anything from the file-server? In our Linux
setup a request is made by by an already authenticated user for the nfs
service. We don't do anything to renew the service ticket. So long as
the keytab contains e.g. the machine key to authenticate the server then
that sees to be enough. Does a nfs request perhaps kick it to
authenticate again if the service has expired? Confused.
Steve
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
